UNH websites and web applications must be secure. This means that the tools and practices used to create and maintain them must ensure the appropriate confidentiality, integrity, and availability of data and services that they provide.
Standards for security of UNH websites and web applications are set by the UNH Information Security Committee and are monitored by Information Security Services (ISS).
For static websites, the primary security concern is limiting access to who can add or modify those files. In this regard, user account practices are of primary importance:
For web applications, proper user account practices are important, but there are many additional areas of concern in relation to security. The following is a summary of the most important points:
If any UNH employee suspects a security-related incident with a website or web application, follow the Information Security Incident Response Plan.
For questions regarding security, please contact contact Information Security Services (ISS) or the website owner or manager.
Website owners and managers of any websites set up on UNH servers are responsible for following security-related best practices for their websites. All UNH employees must report security-related incidents following the Information Security Incident Response Plan. In addition, site owners and managers must comply with all relevant laws, university policies and this standard.
UNH reserves the right to remove a website or access to that website if the owner or manager does not appropriately maintain security practices. UNH also reserves the right to remove a website or access to that website if it is considered to have violated this standard or any other UNH policies.
If inappropriate security practices are reported, UNH AT or IT will contact the site owner to discuss the issue. Unacceptable responses may cause the UNH website, web application, or server access to be suspended.
Reports regarding inappropriate security may be sent to UNH ISS.