IT Security Policy

Responsible Office

Information Technology


Faculty, Staff, and Students

Maintaining the security, confidentiality, integrity, and availability of information stored in the university’s computer networks and data communications infrastructure (“university systems”) is a responsibility shared by all users of those systems.  All users of university systems are responsible for protecting those resources and the information processed, stored or transmitted thereby as set forth in this policy.  Violations of this policy may result in disciplinary action up to and including termination or expulsion.

Overview of issue

Information is a vital university asset and requires protection from unauthorized, inappropriate, and/or accidental access, modification, disclosure or destruction.   This policy sets forth requirements for incorporation of information security practices into daily usage of university systems and information.

  1. Maintaining the Integrity of Information
    The completeness and usefulness of Information is dependent upon every user taking appropriate measures to protect the integrity of data access, transmitted, and stored.  These measures include, but are not limited to: accessing data that is appropriate for one's professional duties, protecting computers and systems from viruses, maintaining strong and protecting passwords, abiding by the university’s Appropriate use of Technology policy, and ensuring university owned computers are current with critical patches or updates.
  2. Maintaining the Confidentiality of Information
    All members of the university community are obligated to respect and protect confidential data.  The university
    strongly discourages storage of any confidential or sensitive data on any computer or network-attached device.
    Reasonable measures to maintain confidentiality include, but aren’t limited to: utilizing a host-based firewall to limit access to computers & systems, refraining from commenting, posting, downloading, saving, or distributing confidential and/or sensitive data, securely remove data from media once the data and/or the device is no longer required, and encrypt confidential data when stored or being transmitted.
  3. Maintaining the Availability of Information
    Critical to the usage of university information is the availability of this information.  Reasonable measures to maintain availability include: reporting questionable, suspicious, or malicious activity as it relates to access, transmission, and/or storage of data, taking precautions to lock computers when not in use and securing doors when leaving offices, using secure communication means when accessing data remotely, and verifying that computers and systems are backed up regularly.

Change Control

Created: Arthur Brant, Mar 1, 2013
Last Updated: Arthur Brant, Mar 1, 2013
Submitted To: CIO Cabinet