Information Technology

Change Control

Change Control is the process that management uses to identify, document and authorize changes to an IT environment. It minimizes the likelihood of disruptions, unauthorized alterations and errors. The change control procedures should be designed with the size and complexity of the environment in mind. For example, applications that are complex, maintained by large IT Staffs or represent high risks require more formalized and more extensive processes than simple applications maintained by a single IT person.

Credit Card Transactions

Harvard units are increasingly accepting credit cards either over the web or via fax or telephone. Unfortunately that allows these units to be perfect targets for bankcard fraud. Scamsters are taking advantage of the fact that they can operate anonymously. They know that many of the credit card features that prevent fraud in the physical world do not apply in the card-not-present environment. We must understand that there is a greater need for protection against fraud exposure and associated losses.

Identity Management

Identity management is a critical element for information security. It involves granting unique ids to all users of a information system and the appropriate access in accordance with their job roles and responsibilities. In addition, it requires that access is removed when access is no longer required in a timely manner.

Authentication methods chosen should prevent unauthorized access to an account. Adhering to secure password procedures will help reduce the compromise of user accounts on the University’s systems.

Software Licensing

A good software management program includes keeping track of the organization's software use and documentation and providing training and awareness to staff on software use and copyright laws. By closely monitoring the organization's software use and documentation the organization is better able to control software costs, increase interoperability and productivity, and monitor compliance with copyright laws.