Discussion

All computers connected to Harvard University data networks need to practice good computer operation in order to minimize the chance that the computers could be compromised, or if they are compromised, minimize the chance that they could be used to attack other computers at Harvard or elsewhere on the Internet.

Examples of good computer operation include applying operating system and application security patches must be applied as soon as possible after they are released, ensuring that only people with a legitimate reason have accounts on the system, and ensuring that the system is running an virus checker which is regularly updated with the latest virus tables.

Good computer operation also includes computer users thinking about security when they are using the computer and not engaging in risky behavior such as opening unexpected email attachments, responding to phishing spam, or surfing to web sites that are likely to try to download malware (such as many porn sites).

There are many systems that store confidential information at Harvard but are not managed by school or central administration IT groups.  To ensure that the confidential information on these systems is protected against disclosure the operators of such systems must annually certify their compliance with the University IT policies in the Harvard Enterprise Information Security Policy.