Resources

What is Qualtrics?

Qualtrics is a simple web-based survey tool that provides the opportunity to conduct online survey research, evaluations, and many other data collection activities.

One of the many advantages is the ease of learning to use Qualtrics to:

• Build surveys with multiple question styles
• Distribute the surveys with a website link (there are other ways to distribute as well)
• Analyze data collected

Of great importance, the university currently has a license for all faculty, staff, and students (some caveats with student accounts discussed if you all desire)

Benefits of Qualtrics

• Simple and intuitive formatting of surveys
• Visually appealing for respondents and survey builder
• Computer and smartphone compatible
• Flexibility of survey dissemination
• Multiple data formats (e.g., CSV, TSV, XML, SPSS)

If you need assistance please contact Manish Wadhwa at (201)-692-7074 or Email Manish@fdu.edu

Reporting Threatening or Harassing Phone Calls

The following procedures should be followed:

Contact Public Safety x2222 Metro Campus or x8888 for Florham Campus.

If the call is threatening, kindly contact Public Safety regarding threatening or harassing phone calls.

Call 911 If an Emergency Arises

Campus Emergency

Dialing 66 from your desk phone you will be connected to Public Safety. This is to be used for Emergency purposes only.

General Resources

One Drive can be a powerful tool for both Faculty and Students to share files. Here’s a quick guide to help you find and install OneDrive.

Learn how to create new documents in Office 365 and share them with others to collaborate.

Zoom is a web-based video conferencing tool that allows users to meet online, with or without video. Zoom users can choose to record sessions, collaborate on projects, and share or annotate on one another’s screens, all with one easy-to-use platform.

Zoom experts host free and interactive live training webinars daily. Get up to speed in less than an hour. Please select the time zone that fits best for you when registering for one of our live training webinars.

Having trouble connecting to Zoom? Here are some common steps you can take to troubleshoot.

Find that you need to access your FDU email on the go? Here’s how to load the app onto a mobile device.

According to FDU’s Written Information Security Program (WISP), in no case should they be sending or storing WISP protected information without the explicit authorization of the Chief Information Security Officer (CISO). If approved, these instructions will provide you with guidance on the methodology.

As a result of campus closure, student access to Adobe Creative Cloud in labs and classrooms is not available. Adobe has provided temporary at-home access for impacted students and faculty, so that they can continue their work remotely.

Students

Download Office 365.

This article explains how to create a Zoom Meeting from within your course in Webcampus so you can collaborate with your fellow students.

In this starter guide, students can learn about all the basics, from your NetID to Webmail to Webcampus and finally Webadvisor. This is a great way to make sure you can connect to all your FDU resources!

Helpful steps to take in preparation for a Zoom class.

SPSS is a software package used for statistical analysis produced by IBM. Many of our students in various majors rely heavily on this software to complete lessons and assignments. To help transition to an online learning environment, FDU students can access a student-use version of SPSS. Please contact the University Technical Assistance Center (UTAC) to request access to this software.

Please make sure to request the correct version for Mac or Windows, and please inform them of the course you are currently registered in.

Faculty & Staff

NWN Cloud Self-Service portal allows you to manage and view your Cisco Unified Communications phone settings online. Follow this resource to setup your account.

Learn how to forward calls coming into your University phone to a cell phone or home phone and how to block Caller ID.

NOTE: For main office line forwarding to another number your department Head/Owner of the Main Line needs to open a ticket with a help desk to get the mainline forwarded to a designated number you request.

Learn how to access and listen or change your voicemail messages/prompts remotely.

Setup a softphone on your computer to make and receive calls from your campus phone number.

Here you can find some helpful tips to lead productive & inclusive Zoom Classes with your students.

Zoom comes pre-stocked with numerous security features designed to control online classrooms, prevent disruption, and help educators effectively teach remotely. Here are some best practices for securing your virtual classroom using Zoom.

Want to play a video during your Zoom session? By default the video will show, but without any sound. Watch this video for instruction on how to play a video with sound.

Personal is a stand-alone application designed to be used by instructors on their personal computers to generate video recordings. The software enables you to create video recording across multiple computing platforms via a unified interface. That means instructors can universally record and share video on Mac and Windows computers, inside or outside of the classroom, with an identical user experience on each device.

Follow this easy-to-use guide for connecting your all-in-one, joining your wifi, and connecting to VPN from home.

Faculty and staff will need VPN to access Webui, Informer, Synoptix, HRIS, Purchase Order Online form and Perceptive Content. For Faculty and staff using their personal devices, this article will assist you in setting up your VPN.

Connecting to VPN for the first time? Here’s a guide to help you.

Having issues printing at home with your network printer? Follow these steps and tips as a resolution.

Users of Perceptive software can access Perceptive through a web interface rather than using the Windows client. The web interface is called Perceptive Experience. There is a little less functionality with the web interface as compared to the client, however, the most important functions still exist. Users can easily search documents that they have access to and for now, certain offices can use the web interface for capturing documents in Perceptive after being set up with this capability.

You can access your Home Drive or Department share from home using you FDU-Issued computer. This helpful guide will walk you through the steps. Home drives and/or department shares are not accessible from a personal PC.

---

Revised Date: 11/22/2022

---

1. Purpose: This Policy sets the standards for developing, implementing, and maintaining reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of information covered by applicable provisions of the Gramm-Leach-Bliley Act (“GLBA”) and associated regulations. In particular, this document describes various measures being taken by FDU to (i) ensure the security and confidentiality of covered information, (ii) protect against any anticipated threats or hazards to the security of these records, and (iii) protect against the unauthorized access or use of such records or information in ways that could result in substantial harm or inconvenience (collectively, the “Program”). The practices described in this Policy are in addition to any institutional policies and procedures that may be required pursuant to other federal and state laws and regulations, including, without limitation, the Family Educational Rights and Privacy Act (“FERPA”).
   
2. Scope of Program: The Program applies to any record containing “nonpublic personal information” about a student or other individual who has a continuing relationship with the University, whether the record is in paper, electronic, or other form, and which is handled or maintained by or on behalf of the University (“covered information”). [1] This includes any information that a student or other individual provides to FDU in connection with financial aid and tuition/fee collection efforts.

[1] Nonpublic personal information means: (i) personally identifiable financial information; and (ii) any list, description, or other grouping of consumers (and publicly available information pertaining to them) that is derived using any personally identifiable financial information that is not publicly available. “Personally identifiable financial information” means any information that a consumer provides to FDU to obtain a financial product or service, any information about a consumer resulting from a transaction involving a financial product or service between FDU and that consumer, or information that FDU otherwise obtains about a consumer in connection with the provision of a financial product or service to that consumer. A “consumer” is an individual, including a student, who obtains or has obtained a financial product or service from FDU that is to be used primarily for personal, family, or household purposes, or that individual’s legal representative. Examples include information an individual provides to FDU on an application for financial aid, account balance information and payment history, the fact that a student has received financial aid from FDU, and any information that FDU collects through an internet “cookie” in connection with a financial product or service.

3. Roles and Responsibilities: Compliance and cooperation with this Policy is the responsibility of every employee at all levels within FDU. FDU’s Vice President and Chief Information Officer (CIO), assisted by the Chief Information Security Officer (the “CISO”), has the overall responsibility for coordinating information security pursuant to this Policy. The CIO or CISO may designate other representatives of FDU to help oversee and coordinate particular elements of the Program. The team will work closely with other members of the Office of Information Resources and Technology (OIRT), the Data Security & Incident Response Team (“DSIRT”), the University Risk Manager, the Vice President for Human Resources, and the General Counsel, as well as relevant academic and administrative units throughout the University to implement the Program.
   
4. Risk Assessment: The CIO and CISO will help the relevant offices of FDU to identify reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of covered information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of the information; and to assess the sufficiency of the safeguards in place to controls these risks. This effort will be embodied in a risk assessment document.
   
   The risk assessment is a written document that includes:
   
   (i) Criteria for the evaluation and categorization of identified security risks or threats that FDU faces;
   
   (ii) Criteria for the assessment of the confidentiality, integrity, and availability of FDU’s information systems and covered information, including the adequacy of the existing controls in the context of the identified risks or threats that FDU faces; and
   
   (iii) Requirements describing how identified risks will be mitigated or accepted based on the risk assessment and how the information security program will address the risks.

5. Access Controls: The Program includes implementing and periodically reviewing access controls, including technical and, as appropriate, physical controls to:
   
   (i) Authenticate and permit access only to authorized users to protect against the unauthorized acquisition of covered information; and
   
   (ii) Limit authorized users’ access only to covered information that they need to perform their duties and functions, or, in the case of third parties, to access their own information.
   
   The Program is designed to identify and help manage safeguards for the data, personnel, devices, systems, and facilities that enable FDU to achieve its mission – efforts are prioritized in accordance with our objectives and risk strategy.
   
   FDU has adopted authentication and access controls as needed to implement the “principle of least privilege” around accessing covered data, meaning that no user should have access greater than is necessary for legitimate FDU purposes Data owners within each applicable University unit approve and periodically review access. This includes a periodic review by the Office of Enrollment Services of all users who have access to Enrollment Services security tracks in the Colleague System and a periodic review by other administrative departments that maintain students’ financial aid information regarding user access to the information.
   
   These efforts also include employee training regarding these controls. The OIRT will coordinate with representatives in FDU’s Office of Finance, Office of Financial Aid, Enrollment Services and other offices to evaluate on a regular basis the effectiveness of the University’s training, procedures, and practices relating to access to and use of student records, including financial aid information as well as financial information. This evaluation will include assessing the effectiveness of the University’s current policies and procedures in this area. All employees are required to train in FDU’s Written Information Security Program (WISP) (training.fdu.edu), which program is incorporated by reference into this Policy.
   
6. Monitoring Unauthorized Users and Use: FDU has implemented policies, procedures, and controls designed to monitor and log the activity of authorized users and detect unauthorized access or use of, tampering with, covered information. Various specific measures are identified in Appendix 1.
   
   These measures will include assessing the University’s current policies and procedures relating to FDU’s Acceptable Use Policy for Computer Usage, Confidentiality Agreement and Security Policy, FDU Procedure on Handling Data on Separating Employees, Password Policy, Policy for Acceptable Use of Email, Software Compliance & Distribution Policy, and Written Information Security Program. The CISO will also coordinate with the CIO and the OIRT to assess procedures for monitoring potential information security threats associated with software systems and for updating such systems by, among other things, implementing patches or other software fixes designed to deal with known security flaws.
   
7. Monitoring the Effectiveness of Safeguards: FDU periodically conducts penetration tests and vulnerability assessments on its network and key information systems. These measures are designed to test and monitor the effectiveness of the safeguards’ key controls, systems, and procedures, including those to detect actual and attempted attacks on, or intrusions into, FDU’s information systems.
   
   For those systems where continuous monitoring (or other methods to detect, on an ongoing basis, changes in information systems that may create vulnerabilities), is not practical, FDU will conduct:
   
   (i) Annual penetration testing on FDU’s information systems identified by OIRT based on relevant identified risks under the risk assessment; and
   
   (ii) Vulnerability assessments of FDU’s information systems, including systemic scans or reviews of information systems designed to identify publicly known security vulnerabilities in FDU’s information systems based on the risk assessment, at least every six months; and whenever there are material changes to FDU’s operations or business arrangements; and whenever there are circumstances that OIRT knows (or has reason to know) may have a material impact on FDU’s information security program.
   
8. Detecting, Preventing and Responding to Attacks: The OIRT and University Risk Manager will on a regular basis evaluate procedures for and methods of detecting, preventing, and responding to attacks or other system failures and existing network access and security policies and procedures, as well as procedures for coordinating responses to network attacks and developing incident response teams and policies. The FDU Data Security Incident & Response Team implements all aspects of, oversees other Departments’ adherence to, and documents all incident response activities. Upon determination by the CISO and General Counsel that a Security Incident triggers breach notification laws, the University will report the breach to relevant federal or state regulatory authorities by their designated methods; and, where applicable, the U.S. Department of Education, including details about date of breach (suspected or known); impact of breach (e.g. number of records); method of breach (e.g. hack, accidental disclosure); information security program point of contact – email and phone details; remediation status (e.g. complete, in process); and next steps (as needed).
   
   These measures will be documented in a comprehensive incident response plan that addresses:
   
   (i) The goals of the incident response plan;
   
   (ii) The internal processes for responding to a security event;
   
   (iii) The definition of clear roles, responsibilities, and levels of decision-making authority;
   
   (iv) External and internal communications and information sharing;
   
   (v) Identification of requirements for the remediation of any identified weaknesses in information systems and associated controls;
   
   (vi) Documentation and reporting regarding security events and related incident response activities; and
   
   (vii) The evaluation and revision as necessary of the incident response plan following a security event.

9. Overseeing In-House Developed Applications and External Service Providers: The OIRT leadership working in collaboration with the CISO will help ensure that software applications and solutions developed in-house by FDU, including modifications to third-party programs, meet the safeguard standards of this Policy. The CIO, CISO and other appropriate OIRT leaders will also coordinate with FDU’s contract review teams to raise awareness of, and to institute methods for, selecting and retaining only those service providers that can maintain appropriate safeguards for nonpublic financial information of students and other third parties to which they will have access. In addition, the CIO and CISO will work with the General Counsel and the University Risk Manager to develop and incorporate standard, contractual protections applicable to third-party service providers, which will require the providers to implement and maintain appropriate safeguards.
   
   Utilizing a variety of automated risk assessment tools such as Bitsight, OIRT periodically assesses FDU’s service providers on the risk they present and the continued adequacy of their safeguards.
   
10. Encryption: FDU adopts methods to protect by encryption covered information held or transmitted by the University by encrypting both in transit over external networks and at rest. To the extent that encryption of covered information, either in transit over external networks or at rest, is infeasible, FDU secures the covered information using effective alternative compensating controls reviewed and approved by the CISO.
    
11. Multifactor authentication: FDU has implemented multi-factor authentication for any individual accessing the University’s information systems, except where the CISO has approved in writing the use of reasonably equivalent or more secure access controls.
    
    Multi-factor authentication is defined as authentication through verification of at least two of the following types of authentication factors:
    
    (1) Knowledge factors, such as a password;
    
    (2) Possession factors, such as a token; or
    
    (3) Inherence factors, such as biometric characteristics.
    
12. Data Retention and Disposal Controls: FDU has in place procedures for the secure disposal of covered information in any format, consistent with the University’s operations and other legitimate business purposes, except where required to be retained by law or regulation, or where targeted disposal is not reasonably feasible due to the manner in which the information is maintained. Where information is not needed to be retained, the University will take reasonable measures to include processes for disposal of covered information no later than two years after the last date the information is used for legitimate University purposes. The Program includes periodic review of our data retention policy to minimize the unnecessary retention of data.
    
13. Adjustments to Program: Risk assessment activities will be periodically performed to reexamine the reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of covered information that could result in the unauthorized disclosure, misuse, alteration, destruction, or other compromise of such information, and to reassess the sufficiency of any safeguards in place to control these risks. The CISO is responsible for evaluating and recommending adjustments to the program based on the undertaken risk identification and assessment activities, as well as any material changes to FDU’s operations or other circumstances that may have a material impact on the Program.
    
14. Reports to the Board. The Vice President of OIRT will submit written reports to the Board of Trustees at least once each calendar year. The report will include the following information:
    
    (1) The overall status of the Program and FDU’s compliance with the safeguard requirements under the GLBA;
    
    (2) Material matters related to the Program, addressing issues such as risk assessment, risk management and control decisions, service provider arrangements, results of testing, security events or violations and management’s responses thereto, and recommendations for changes in the information security program.
    
    The CIO may approve deviations to the processes set forth in this Policy to meet changing conditions at the University, so long as such deviations are designed to achieve the safeguard goals set forth in this Policy and do not violate the GLBA and other applicable laws.

---

Appendix 1

Certain Additional Specific Safeguards

Periodically (generally at least once each year), leaders from applicable University departments and units are surveyed regarding their processes for safeguarding covered information, using a standard template. Results are compiled and conveyed to the CIO for review and follow-up, including adopting and incorporating results in the University-wide Risk Assessment.

The CIO will determine which departments and units should receive the assessment survey, based on their handling of covered information. Currently, the units are: OIRT, Office of Enrollment Services, Credits and Collections, Admissions, International Admissions, Financial Aid, Veteran Services, Accounts Payable, Management Information Systems, Conference & Summer Programs, School of Pharmacy, and the Controller’s Office.

The standard assessment template is as follows:

(A) Designate an employee or employees to coordinate the unit’s information security program.

(B) Identify reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information, and assess the sufficiency of any safeguards in place to control these risks. At a minimum, such a risk assessment should include consideration of risks in each relevant area of your operations, including:

• Unauthorized disclosure of sensitive information by employees through intentional or unintentional methods.
• Unauthorized access, disclosure, misuse, alteration or destruction of information on hosts.
• Detection and prevention of attacks on the systems.
• Unsecured transmission of data.
• Physical security of computer systems, network equipment, backups and paper materials.
• Managing data integrity and system failures.

(C) Design and implement information safeguards to control the risks you identify through risk assessment, and regularly test or otherwise monitor the effectiveness of the safeguards’ key controls, systems, and procedures.

1. Unauthorized disclosure of sensitive information by employees through intentional or unintentional methods:
   
2. Unauthorized access, disclosure, misuse, alteration or destruction of information on hosts:
   
3. Detection and prevention of attacks on the systems:
   
4. Unsecured transmission of data:
   
5. Physical security of computer systems, network equipment, backups and paper materials:
   
6. Managing data integrity and system failures:

(D) Oversee service providers, by: (1) Taking reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for the customer information at issue; and (2) Requiring FDU’s service providers by contract to implement and maintain such safeguards.

(E) Evaluate and adjust FDU’s information security program in light of the results of the testing and monitoring required by this Policy ; any material changes to FDU’s operations or business arrangements; or any other circumstances that are known or have reason to be known as having a material impact on FDU’s information security program.

---

The following PDF is an example of a completed assessment survey from OIRT:

---

Being connected to the internet suggests that the internet is connected to you. Without concern and proper safeguards to protect the information you share, you are at a greater risk of cybercrime.

The university assumes its share of responsibility to protect sensitive information but you must do the same. The vast majority of data and identify thefts are not the result of enterprise breaches but a direct consequence of individuals who are complacent about sharing sensitive information or unaware of the risks.

Please take a moment to review this video to obtain a better understanding of how you can help protect yourself from cybercrime.

SAMI Support requires a valid NetID and password, as well as DUO multi-factor authentication in order to access. Once the portal is accessed, you have the ability to generate a new ticket, review existing or closed tickets & view the IT Knowledgebase for information that can assist you with resolving problems. The SAMI Support Portal can be accessed by using the button below:

SAMI Support Portal

If you need to open a request and cannot access SAMI Support for any of the reasons below, please complete this request form or contact the Fairleigh Dickinson University Technical Assistance Center (UTAC). A member of the IT support team will assist you via phone call or email.

• I do not have a valid University issued NetID
• I am not able to authenticate through DUO
• I have not set up my DUO account
• I am a vendor without a University issued NetID
• I am an admitted student
• I am a newly hired employee or adjunct
• My FDU account is locked
• I need my Net ID password reset and have already attempted to do that through identity.fdu.edu

SAMI Support Public Request

Introduction

This document outlines the university approved process for securely deleting Personal Information (PI) and Protected Health Information (PHI) after the PI or PHI has been encrypted.

Prerequisite

Eraser Portable® Secure Data Remove software needs to be installed on your computer. Please contact the Fairleigh Dickinson University Technical Assistance Center (UTAC) to request the installation of this software. A member of USAN will assist with the installation and setup of the software.

Document Deletion Process

To securely delete an unencrypted version of a document that contain PI and/or PHI that has been encrypted, complete the following steps:

1. Find the “Secure Deletion” shortcut folder on your computer desktop screen
2. Cut and paste the unencrypted version of the file to be deleted into this folder
3. Find the “Eraser Portable” shortcut folder on your computer desktop screen and click to open the folder
4. Double Click on “EraserPortable.exe“. The screen below will appear
5. Click on the Green Run arrow to erase the file securely

6. A dialogue box will appear

7. Click “Yes“
8. When the deletion process completes, you will see a report appear

9. You may check your “Secure Deletion” folder to see if all documents have been erased

Outlook E-mail Deletion Process

To securely remove emails which contain PI and PHI from your Outlook client, complete the following steps:

1. Delete the email from your Inbox and/or Sent items folder
2. Delete the email from your Deleted Items
3. Go to “Recover Deleted Items“
4. Highlight Deleted Items Folder

5. Then go to Folder > Recover Deleted Items

6. Highlight email which requires permanent deleting and select “Purge Selected Items” and then click “OK“. Now message is permanently out of your email system

7. Finally, click “OK” on the following screen

This document outlines the University approved process for securely encrypting Personally Identifiable Information (PII).

Prerequisite

7Zip software needs to be installed on the end user’s computer. Please contact the Fairleigh Dickinson University Technical Assistance Center (UTAC) to request the installation of this software. If justification is needed, notify UTAC that 7Zip is needed to encrypt documents containing PII.

Process

Encrypting Files and Folders

To encrypt a single file, find the file in your directory (or where you have it saved).

1. Right click on the document (do not open the document)
2. On the drop down menu, Find 7zip
3. Click “Add to archive…“
4. When 7zip opens, there are three (3) settings which need to be changed:
   • Archive Format = Select zip from drop down
   • Encryption Method = select AES-256 from drop down
   • Check “show password” and type in a password that the user creates
   • Click “OK“
   • A 7Zip Archive with the encrypted document will now appear in your directory

NOTE: Do not utilize any password that you use to access internal systems. The password cannot be recovered if forgotten.

Editing Encrypted Files and Folders

When editing an encrypted file or folder, you must make sure that you leave the 7zip archive open. If you close the archive, you will be able to work on the document, but it will not save.

Opening an Encrypted File or Folder

To open an encrypted file or folder:

1. Right click on the 7Zip archive
2. On the drop down menu, find 7Zip
3. Click on the first “Open archive”
4. Click to open your document

Saving an Encrypted File or Folder

To save an encrypted file or folder:

1. Save the document as normal
2. Upon closing document, the 7Zip archive will prompt the user to save the changes