IT Security Policies, Procedures, and Guidelines
For Students, Faculty, Staff, Guests, Alumni
This repository contains the IT Security's policies, procedures, and guidelines regarding technology resources and services. The Office of Information Technology provides resources and services to advance the University's educational, research, and business objectives. Access to or using IT Resources that interfere, interrupt, or conflict with these purposes is unacceptable. These documents provide notice of the University's expectations to all who use and manage services, including, but not limited to, computing, networking, communications, application, telecommunications systems, infrastructure, hardware, software, data, databases, personnel, procedures, physical facilities, cloud-based vendors, Software as a Service (SaaS) vendors, and any related materials.
Deviations from policies, procedures, or guidelines published and approved by Information Security and Assurance (ISA) may only be done cooperatively between ISA and the requesting entity with sufficient time to allow for appropriate risk analysis, documentation, and possible presentation to authorized University representatives. Failure to adhere to ISA written policies may be met with University sanctions.
IT Security Policies
- Acceptable Use of IT Infrastructure and Resources
- Account Access Change Control
- Anti-Spoofing
- Antivirus Protection
- Audit and Accountability
- Authorized Access to Electronic Information (Policy)
- Backup
- Business Continuity and Disaster Recovery
- Change Control
- Cloud Server Technical Control Requirements
- Configuration Management
- Corporate Accounts (Policy)
- Data at Rest
- Data Center Sign In/Out
- Data Classification and Protection
- Data Documentation
- Data in Transit
- Device Sanitization
- Disk Encryption
- Dual-Homed Network
- Email Retention
- Emergency Access via Privileged Access Management
- End of Life
- Extensions and Application Auxiliary Services
- Firewall/Access Control List
- Generic Accounts
- Hosting and Sharing Content
- Information Security Breach Response
- Information Security Incident Response
- Internet of Things
- IT Security's Policy on Policies
- IT Resources Relocation
- IT Resources Remote Access
- IT Security
- Limitations on Production Data on Non-Production Environments
- Local Device Backup
- Logging Standards
- Multi-Factor Authentication
- Password Management
- Patch Management
- PCI Hardware Maintenance
- PCI Network Protocol
- PCI Security Testing
- Peer-to-Peer
- Physical Access
- Privileged Access Control
- Provisioning and Deprovisioning
- Risk Assessment
- Role-Based Email Accounts
- Secure Data Handling
- Server Certificate Security
- Secure Software Development Life Cycle (Policy)
- Systems Hardening
- System and Communications Protection
- Temporary Student (TS) Accounts
- Third-Party Data Transfer (Policy)
- Third-Party Integration (Policy)
- Third-Party Sensitive Data Handling Inventory
- Vulnerability Management (Policy)
- Wireless Use
- Web Application Security