Articles (24)

Pinned Article Policies on IT resources

This article explains requirements related to the use of institutional IT resources based on the University System of New Hampshire Written Information Security Program (“WISP”). The WISP consists of security policies and standards intended to protect USNH data and are in alignment with applicable laws and regulations.

COPPA (Children's Online Privacy Protection)

This article provides USNH community members an introduction to the Federal Privacy law entitled Children's Online Privacy Protection Act (COPPA). COPPA is a law that establishes a strict set of guidelines for online operations to protect the privacy of children under the age of 13.
Intended Audience: This article is intended for USNH administrators of websites or online services wherein a child under age 13 is providing personal information.

Cybersecurity Incident Reporting

This article explains how to report a cybersecurity incident for students, faculty, and staff. Reporting a cybersecurity incident is everyone's responsibility. Please be sure to report to your manager so that they can contact the Cyber Ops team via the relevant helpdesk at your campus or directly via .

ESI: Electronically Stored Information

This article contains information for the USNH community of procedures involving electronically stored information: information stored, processed, and/or transmitted with USNH technology resources.
Intended Audience: This article is intended for information technology service providers, data stewards, and persons authorized to access certain restricted and sensitive information.

File-Sharing of Copyrighted Materials

This article contains information regarding illegal file-sharing for all USNH community members who access USNH information technology resources.  This article specifically covers laws related to distribution of copyrighted materials through peer-to-peer file sharing.

Good Security Practices to Adopt at Work/School, and at Home

This article provides information regarding good security practices to adopt at work, school, and at home.

Handle Data with Care

This article provides information on handling University data with care.

How to Proceed after Your USNH Account was Compromised

This article provides steps to take if your USNH Account was compromised, after it has been secured and recovered. If you believe your USNH Account has been compromised, call the USNH Technology Help Desk immediately at for assistance in securing and recovering your account. This is an important step as it is not always enough for you to simply change your password.

Mobile Device Health and Security

Mobile device health and security is explained in this article, including the purpose, why mobile security is needed, and some of the best practices to use.

Password Managers 101

This article explains what password managers are and what they do.

PCI DSS - Payment Card Security

Payment Card Industry Data Security Standard (PCI DSS) is explained in this article, including who must comply, the merchant responsibilities, and the employee responsibilities.

Phishing and Spam

Phishing is an attempt to acquire confidential information such as account passwords, identification numbers or credit card details by pretending to be a trusted entity in electronic communications including email, texting and instant messaging. This article is for students, faculty, and staff.

Red Flag Rule - Identity Theft Prevention

This article contains information regarding identity theft prevention and the Federal Trade Commission Red Flags Rule at USNH.

Signs Your Account is Compromised

Signs that your account is compromised and related information are included in this article. In today’s information security threat landscape, the creativity, ingenuity, and perseverance of the cybercrimimals who want to steal your credentials seem to have no limits. Unfortunately, with threats coming from so many directions, even the most careful users can end up with compromised credentials.

Storing Restricted, Protected, and Sensitive Information @ USNH

This article contains information regarding storing restricted, protected, and sensitive information at USNH using SharePoint and OneDrive.

Tenable Nessus Privacy Statement

This article contains information regarding Tenable Nessus, including an outline of data elements collected by Tenable Nessus agents, and serves as a privacy policy and justification for deployment. This article is for users and administrators of servers or endpoints that store, process, or transmit sensitive or restricted information.

The Use of E-mail with Personally Identifiable Information (PII)

This article provides information for USNH employees regarding the best practices of use of e-mail communication with personally identifiable information (PII).

Tips for Keeping Your Devices Secure

This article contains tips for keeping your devices secure.

USNH Centrally-Managed Devices and Computer Quarantine FAQ

This is a list of frequently asked questions regarding the USNH Computer Quarantine effort to help keep the data of all USNH employees secure.

Vendor Contract Language Review

Vendor contract language is reviewed in this article.

Vendor Information Security and Privacy Considerations and Security Assessment Review (SAR)

This article contains information about vendor information security, privacy considerations, and security assessment review (SAR) for USNH community members engaged with vendors involved with USNH information technology resources. The purpose is to guide USNH community members regarding vendors and/or third-party partners that provide products or services that integrate with the USNH network.

What Does "Automated Management" of a Computer Actually Mean

This article contains information on automated management of a computer.

What Is the Risk Assessment Process?

This article contains information on IT risk assessments.

What's the Deal with Publicly Posted Credentials?

The following FAQ is intended to address the most common questions received from users whose accounts have been secured because their university credentials were posted publicly.