Application Security Office
The Application Security Office (ASO) is a unit of the Department of Application and Database Services in the Division of Information Technology. We are located in the Information Technology Center, Room 280 or 282, and can be contacted by telephone at 766-5747 or by e-mail at email@example.com.
What we do:
Our office provides University of Wyoming employees and departments access to Administrative Computer Systems and provides account and violation monitoring.
The Application Security Office processes requests for access to Administrative Computer Systems. Please submit the appropriate form found on the Account Action Forms web page to obtain an account for the Advance (Advancement and Alumni system), PIStOL (PeopleSoft Financial Information System), HRMS (PeopleSoft Human Resources System), Hershey (Imaging System), OS Web (Outreach School Reporting), or OVN (Outreach Video Network), These forms contain instructions for obtaining your account. You are required to have an account on the UWYO domain to submit a request for any of the administrative systems from the Account Action Forms web page.
Your password is yours and yours alone and is not to be shared. If a co-worker requires access to a system to act as your backup, please request an account using the appropriate forms on the Account Action Forms web page.
When setting passwords for University of Wyoming computer resources and accounts please follow the guidelines below:
- Choose passwords that are at least 8 characters long; using upper case, lower case, numbers, and special characters such as #, !, ^,+,~,[,],?.
- Do not use your username or names of relatives or pets as a password.
- Avoid using dictionary words. Make up a word or phrase you can remember. It is easier than you might think.
- Do NOT click the “Remember this password on next log in” option in your browser.
- Change your passwords frequently, every 90 days is recommended.
If you forget your domain, PIStOL, HRMS, or Hershey password, please call the IT Help Desk (766-4357, option 1) to have it reset. To have Advance or Banner passwords reset please call the Application Security Office at 766-5747. Please do not email passwords. In most cases your password will be reset at your request and you will receive a confirmation email that the password has been changed. If you don't receive the confirmation email, contact the ASO at the above number.
If you transfer to another department on campus your access may not follow you to your new position. The supervisor from your new department needs to fill out the forms on the ASO web page to request that your accounts be transferred to your new position.
Data Security and Handling
Our Administrative systems contain sensitive and Personally Identifiable Information (PII).Access to these systems should not be taken lightly.
What is Personally Identifiable Information or PII?
Examples of PII Data
The following list contains examples of information that may be considered PII.
- Name, such as full name, maiden name, mother's maiden name, or alias
- Personal identification number, such as social security number (SSN), passport number, driver‘s license number, taxpayer identification number, patient identification number, and financial account or credit card number
- Address information, such as street address or email address
- Asset information, such as Internet Protocol (IP) or Media Access Control (MAC) address or other host-specific persistent static identifier that consistently links to a particular person or small, well-defined group of people
- Telephone numbers, including mobile, business, and personal numbers
- Personal characteristics, including photographic image (especially of face or other distinguishing characteristic), x-rays, fingerprints, or other biometric image or template data (e.g., retina scan, voice signature, facial geometry)
- Information identifying personally owned property, such as vehicle registration number or title number and related information
- Information about an individual that is linked or linkable to one of the above (e.g., date of birth, place of birth, race, religion, weight, activities, geographical indicators, employment information, medical information, education information, financial information).
- Below are a few guidelines that will help in the protection of
Personally Identifiable Information:
- Do not send un-encrypted sensitive data via email
- Avoid copying or downloading PII from the University’s administrative systems to your desktop computer, web server, PDA, laptop, Blackberry, iPhone, SmartPhone, USB Drive, or other storage media unless absolutely required and encrypted.
- Never download or copy Personally Identifiable Information to you home computer.
- Periodically delete temporary Internet files, cookies, and history files from your Browser
- If there are no other viable alternatives to copying or
downloading data from administrative systems, then additional
security controls must be implemented. Below are some suggested
- Remove the confidential part of the information from the data
- Store the data on the U: drive rather than on your C: drive of your local computer
- Password protect data
- Physically protect devices that can be easily moved such as SmartPhones or Laptops by locking in a secure area
For more information on keeping PII secure
You can access the NIST (National Institute of Standards and Technology) Guide to Protecting the Confidentiality of Personally Identifiable Information (PII) at \\warehouse\dis\Security_Public
The ASO monitors accounts in the following systems and investigates suspicious activity.
- Advance (Advancement and Alumni system)
- SCT Banner Student Information System (SIS) link only
- PIStOL (PeopleSoft Financial Information System)
- HRMS (PeopleSoft Human Resources System)
- Hershey (Imaging System)
- OS Web (Outreach School Reporting)
- OVN (Outreach Video Network)
- ImageNow (Imaging System for PIStOL)
- InfoEd (Research Administration)
- Medicat (College Health Information System)
- RMS (Student Housing Management System)
- Maxient (Student Conduct)
- Schlage (Residence Hall Lock System)
- ODS (SCT Banner Reporting System)
- Axis (IT Billing System)
- UC4/Applications Manager (Scheduling Systems)
- MapWorks (Student Success & Retention)