The following principles have been approved to ensure the information security of IHP computers and networks, so as to effectively promote the shared use of network resources by people at the Institute of History and Philology and beyond, allow the rapid transmission of data, and prevent both the inappropriate dissemination of confidential internal institute files and research data and illegal access.
- To create a secure, reliable, well-functioning computing and network environment for research and administrative work.
- To prevent internet hackers from illegally accessing and using institute networks; stealing IHP files, research data, and other information; or causing damage to computers or the network.
- To prevent the spread of viruses and Trojan horse programs over the network.
- To prevent the inappropriate dissemination of internal documents, research data, and other information through IHP computers and networks.
- To provide the information needed to encourage all researchers and administrative staff of the IHP to protect the computing and network environment of the IHP.
- There is a firewall separating the IHP network from external networks.
- The manager of the IHP website may take measures to increase security such as establishing an intrusion detection system (IDS) or using a vulnerability scanner, and conduct appropriate monitoring and control in accordance with the norms laid out in the IHP Information Science Center Engineer Work Guidelines.
- In principle, access to network data is forbidden except when expressly permitted. That is, activities beyond the scope of what is explicitly permitted should be assumed to be forbidden. (Activities that are permitted are listed under the next article.)
- Parties wishing to use IHP servers to provide network functions to networks external to the IHP (e.g. the website and functions which facilitate scholarly communication) must apply for permission and receive approval from the Information Science Center. The system manager will establish a firewall. In principle, network functions provided to external networks deemed acceptable include websites (WWW), file transfer (FTP), Telnet, and e-mail. Users wishing to provide other functions to external networks must apply for and receive approval on an individual basis.
- The director of the Information Science Center may approve requests for permission to provide network services to users or networks outside the IHP, and notifies and receives confirmation from the IHP as to its decision. In special cases, information engineers will give their recommendations, and after the director of the Computer Center solicits opinions through email or convenes an ad hoc committee meeting and the Information Science Center Committee reaches a consensus, the Information Science Center Director may approve the request. The convener of the Committee is to sign the relevant forms, notify the IHP, and receive confirmation therefrom.
- As a matter of policy, the IHP makes computers and networks accessible to those outside of the institute, and does not impose particular restrictions on such use. Under special circumstances, however, after immediately notifying the Information Science Center Director and based on the circumstances of the particular use of computers or networks, the intrusion detection system, and network management system logs as well as responses from relevant administrative divisions, the information engineers are to take appropriate measures to protect computers and networks.
- The Information Science Center may provide access to network data and carry out monthly backups in order to protect the security of data.
- When emergencies occur that affect the network and its hardware, information engineers may, at the direction of the Information Science Center Director, temporarily discontinue the other work which engages them and set about restoring proper network function as soon as possible.
- The Information Science Center must create an “Emergency Response Plan” (with step-by-step diagrams and explanations) in preparation for potential emergency circumstances, and conduct periodic emergency response drills or rehearsals in order to remain prepared for the unexpected.
These principles are to go into effect after passage by the Institute Council, as are revisions thereto.