Technology Support #1
1. (5) A documented technology plan that includes electronic security measures (e.g., password protection, encryption, secure online or proctored exams, etc.) is in place and operational to ensure quality standards, adherence to FERPA, and the integrity and validity of information.
Not Observed | Insufficient | Moderate Use | Meets Criterion Completely
Information security is governed by SJSU’s Information Security Program and Responsible Use Policy. All users and departments are required to adhere to these policies and standards.
The School of Information implements processes to comply with these policies and extend their application to all aspects of the online program environment.
The School uses electronic security measures to protect personal data as well as resources that are restricted for use by the School's students and faculty.
Student and faculty access to Canvas, the course learning management system, and to MySJSU, the University’s student information system, is controlled with password protection. Authentication credentials are transmitted over HTTPS. After an extended length of idle time, the systems automatically log out any user in order to prevent unauthorized access. All users are instructed to keep their logins private and not share them with others.
The School protects resources that are for use only by current students and staff through use of a Restricted Materials login. This login is changed each fall semester and spring semester. The username and password are provided to students by faculty members and academic advisors via secure means, usually within their Canvas sites.
The School of Information understands the critical need to protect user information and has implemented SSL encryption wherever possible to protect the transmission of authentication information. In several cases the user’s entire session is encrypted via SSL.
Canvas: All user sessions on Canvas are fully encrypted via SSL. The user’s entire browser session is encrypted, including all user interaction with discussion boards, messaging, online exams, file upload and sharing, and gradebooks.
MySJSU: Similarly, all user sessions on MySJSU, the University student information system, are fully encrypted. Faculty and student interaction with messaging, grades, financial aid, registration, and payments are fully protected via SSL. Faculty may securely send information to their students via the messaging system in MySJSU.
Collaborate: All synchronous Web Conferencing sessions held via Blackboard Collaborate are fully encrypted via SSL. Information discussed or transmitted during a Collaborate Web Conferencing session is protected and only accessible to the participants, although instructors must be careful to avoid the accidental recording of sensitive information.
Blackboard IM: All text messages are encrypted. Other communications such as application sharing, video, and voice are not encrypted. We recommend that users move into a fully-encrypted Collaborate web conferencing session when secure sessions are needed with these tools.
Logins to systems such as Canvas, Collaborate, and MySJSU, and to the Restricted Materials and library resources, are encrypted via HTTPS.
The School's servers are protected through secure transmission of authentication credentials. Students and faculty who have accounts on these servers receive their logins via methods that ensure security. Initial passwords are created with a random password creation application, and a system is in place to ensure deletion of the original communication of the login information.