Office for Information and Communication Technologies of the SCI
Information security policy
Information security policy (ISP) describes secure and responsible access to and use of various data types. The ISP also describes the safe use of the internet and applications using remote communication between staff, students or other organisations to prevent the loss or theft of personal, research or medical data stored and processed by applicable legislation and GDPR. Employees are required to follow the guidelines in the policy, which outlines the seriousness of ISP and the rights and responsibilities of employees at the Faculty of Science in IT.
ISP has no information value only for preventing data theft or hacking attack. The main character of these recommendations serves as a prevention against unauthorised use or theft of data that can lead to both material and mental harm to the employer and persons.
The boxes below describe work in selected data and IT software areas where the rules are set at the faculty and university level or are governed by applicable legislation. The purpose of this guideline is to instruct employees on working with data and programs thoroughly, but also to familiarise employees with available university tools.
Employees must follow this policy and secure the MUNI data and IT infrastructure with which they work. If unclear, contact it@sci.muni.cz.
If you have observed suspicious behaviour by employees and applications or received a suspicious message, contact the Cybersecurity Team
of MU as soon as possible!
Emails and communication
At Masaryk University, the preferred method of email communication is using M365, which includes a license for the MS Outlook email client. Every employee of the SCI is entitled to set up an alias in the form of alias@sci.muni.cz. Further information is available on the faculty page of the E-mail Accounts and Mail.
Further email setup options can be made in IS. There are several types of email accounts within MUNI: in IS (format @mail.muni.cz, @sci.muni.cz and department). An alternative is also to use the @mail.muni.cz email with redirection to MUNI Gmail (not personal Gmail).
For ease of collaboration, it is recommended to redirect email from IS to M365. This setup allows all messages to be read from one location/email account. Some associated applications (e.g. MU Portal) work with the M365 account, so this setting is recommended. It is not advisable to set the redirection to private email, as personal emails use third-party servers to receive and send messages, and this does not guarantee the protection of sensitive data, data and security!
E-mail account in the IS MUNI |
@mail.muni.cz |
University e-mail in M365 |
@sci.muni.cz |
Department email account* |
@department.muni.cz |
*Only some departments.
The primary method of collaborating with colleagues and students on documents is through the M365 cloud office, to which each student and staff member has established a license. Collaboration using the chat and video conferencing tool MS Teams is also recommended.
A calendar with internal notes can be used in the M365 office suite. Other security features include digital signatures and encryption.
Other university tools, but less used, include Google Workspace licenses, which also include an office suite. Only log in using a university licence to work with these applications, as data protection in accordance with GDPR and MUNI internal guidelines is not guaranteed if the personal email is used.
An alternative teleconferencing option is to use the ZOOM application. In cooperation with CESNET, licenses for the application are available in limited quantities. These licenses are assigned by RNDr. Miloš Liška, Ph.D. after agreement.
WARNING
All documents that contain sensitive content such as personal data, internal information, research or medical data are subject to the European GDPR directive and the University's internal policies. Therefore, in terms of security, it is necessary to use only tools for which MUNI has purchased licenses, and stored information is stored on servers within the EU (standard M365 incl. OneDrive for Business, Google Workspace. Violation of these rules may have employment law consequences, and damages may be recovered from the employee! For an overview of available storage, please see the storage overview. In rare and justified cases, third-party applications may be used, but only if the license terms of the application are thoroughly read and the data management and protection are studied.
RECOMMENDATION
It is recommended to use a shared email account for each department (e.g. study-department@sci.muni.cz). This shared mailbox avoids cases where a departing employee forwards email correspondence to another employee for possible follow-up. To set up a shared mailbox, contact the OIKT at ovt@sci.muni.cz.
E-mail Accounts and Mail Personal Certificates Google Workspace Microsoft Teams
Cyber Security and Training
Nowadays, many security threats come via emails, websites or fraudulent phone calls. Within Masaryk University, these threats are monitored by the MU CSIRT Cybersecurity Team, which continuously issues reports on current threats and also organises training courses for administrators and users on these threats.
If you receive an unsolicited message, it can be reported immediately in Outlook. For instructions on how to report messages and types of spam, see working with SPAM in Office 365.
Important rules for working safely on the Internet are:
- Authenticate the recipient of the message (MU recommends using the digital signature option for emails).
- Do not share your passwords with anyone.
- Always check who sent the email or the URL of a link that asks you to fill in some personal information.
If you are unsure if it is a fraudulent message or call, contact OIKT at ovt@sci.muni.cz or report the suspicious message directly to the Cybersecurity Team.
IT Administrators Education Users Education Informations and Warnings Security Incidents Reporting Penetration testing
Working with applications and software licenses
For work with office applications on private devices and devices under the management of the SCI, only purchased software (SW) can be used, or SW designed for commercial use free of charge. An overview of available licences is available here. Staff members have the basic software pre-installed on their work devices, which can be supplemented with additional applications in the Software Centre.
The basic applications include Office 365, which includes MS Teams. This software is automatically installed on staff computers. You can use the installation instructions to install it on your own devices.
In most cases, you will need administrator rights to install the software on an employee device. For specific installations, contact your IT department. In your message, include:
- The application you want.
- License information (purchased license, free for commercial use).
- The device on which the application is to be installed.
For new app installations, the European GDPR directive must be observed. Some software and web applications use servers outside the EU and handle user data outside the compliance of this directive (e.g. Doodle - alternative in IS MU Tudle). Therefore these applications cannot be used within MUNI. It is strongly recommended to use only software acquired by MU/SCI, as all legal requirements are checked for acquisition. In the case of add-ons for Office 365 and its supporting applications (i.e. Outlook, Teams, etc.), the user can install these add-ons on MUNI-managed devices themselves, provided that they have studied the licence conditions, which are by the SCI and GDPR.
Always consult your IT department when purchasing and acquiring software.
To use the teleconferencing systems at the SCI, the MS Teams application is preferred, which is licensed to every IT user at the SCI as part of the Office 365 office suite. The ZOOM application can also be used as an alternative. To be assigned a licence, please contact the OIKT department by email at ovt@sci.muni.cz.
WARNING
Unauthorised commercial use of the application without a licence, distribution of the licence to persons outside the SCI MU, or working with applications that do not meet the legal requirements, the user may be subject to sanctions, including from the application developers.
SW licenses at the SCI SW in Employee PCs Microsoft Office 365
Accesses and permissions
Access and permissions to applications are not automatically added in some cases. The following table lists the applications with a contact person that you must contact to add permissions.
INET (section Economy / overview of payroll reports) |
By sending a request to the Head of the Finance Office (for economic section) and the Head of the Personnel Office (for personnel section) |
By sending a request to the Head of the Finance Office (for economic section) and the Head of the Personnel Office (for personnel section) |
|
Information System MU (IS MU) |
Primarily through the pedagogical representative |
SharePoint Owner |
|
Sdílené e-mailové schránky |
OIKT ovt@sci.muni.cz |
OIKT ovt@sci.muni.cz |
If a new employee starts in a previously used position (maternity replacement, etc.), almost all permissions in IS can be copied for the new person. In this case, contact your teaching representative or ovt@sci.muni.cz.
For access to some applications for external persons (outside of the working relationship with the SCI and DPP/DPČ), such as access to documents in the IS, VPN, Wi-Fi, etc., it is possible to set up a Sponsored Account. To set up this account, contact OIKT at ovt@sci.muni.cz.
If you are unclear or need additional permissions, please contact OIKT by email at ovt@sci.muni.cz.
Group and Access Management MUNI Single Sign-On ID Cards Connection from Home (VPN)
Working with documents and data
Each document has a different data security classification, which must be treated cautiously and, in some cases, differently. The different categories of data are available in the storage overview.
Some institutes may have their repositories or special computing applications where the same rules as above apply for data categorisation.
For working with documents and data, the SCI recommends using only Office 365 resources, for which MU provides user support. The options for working, collaborating and storing documents are described on the Office 365 page.
Managing documents and faculty policies in IS
The IS MU has a document repository that can be used for file sharing, automatic web listing, department forms, etc. This is primarily a communication repository that can be shared publicly with specific individuals or groups at MUNI. There is a document for a single naming convention used to publish standards. Similar rules govern other departmental documents. It is recommended to use SharePoint for documents intended for a circle of people and collaboration.
The IS Document Server also contains applicable faculty guidelines and policies. The OIKT department uploads these documents after approval.
Data management
Several services are available to researchers and research teams at the SCI, which they can use not only for calculations, but also for orientation in the literature.
Storage and backup
There are several types of storage for storing and backing up documents at the SCI. Each storage has different conditions for use. Care must also be taken to ensure that the type of data stored complies with applicable legislation. An overview of the most used repositories, including data categorisation, is available here.
The most used and, in most cases, sufficient storage is OneDrive. This type of storage can also be set up for automatic synchronisation between devices.
Other available storage and an overview are available here. To set up any of the storage, except OneDrive for Business, which is automatically available to every employee, contact OIKT at ovt@sci.muni.cz.
Employees on the UKB campus can use Cobian Backup through CIT SUKB. Contact CIT SUKB for service setup and questions.
RECOMMENDATION
When using one of the cloud storage services, it is recommended to keep the data on the device's local drive (backup) or back up documents to two independent sources.
Data storage comparison Recommendations for the Usage of Storages Disk Backup Solution MU Disk Backup Solution CESNET Filesender File Depository at IS Backup Solution Bacula
Login and passwords
At MUNI, there are two main types of passwords, Primary and Secondary. The differences between these passwords are described here. Some supporting applications may require different passwords, but these passwords usually require a particular application for specific departments and institutes.
If you do not know your secondary password, you can view it in IS. You can also change both types of passwords in IS.
If you do not know your Primary Password, use one of the options to receive a new password.
As noted above, within MUNI, in most cases, logging in using a Primary and Secondary password. The design of the login pages is shown on the MUNI Single Sign-On page and the IS MU page, respectively.
When filling in the login and password, always check the URL of the link where the login page is located. In some cases, the password may be spoofed for misuse. More information is described on the cybersecurity and training page.
Primary and Secondary Password MUNI Single sign-on Change password
Termination of the employment relationship at MUNI
Before terminating the employment relationship, the employee must return their loaned IT equipment. The employee will undergo this process with the faculty/departmental IT manager, who is required to complete the IT Exit Process Form with the employee. However, the employee is required to complete each checkpoint before signing:
- HW equipment loan functionality check,
- Deleting their agenda from the work unit/institutional website,
- Handing over the management of the MU Portal or website to a new employee (only if the employee has managed the website)
WARNING
If the employee shares documents with others, the documents on OneDrive are automatically deleted 300 days after leaving employment. For this reason, moving documents to a colleague's OneDrive before the end of the working relationship, or using another storage location, is strongly recommended!
Always use a connection over VPN for security reasons when working outside the university network (outside of a cable or Eduroam WIFI). Connection instructions are available here.