Network Service Policy



Similar documents
Acceptable Use Policy

Network Security Policy

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

Network Security Policy

Account Management Standards

Payment Card Industry Data Security Standard

AASTMT Acceptable Use Policy

Vulnerability Management Policy

TEMPLE UNIVERSITY POLICIES AND PROCEDURES MANUAL

Title: Data Security Policy Code: Date: rev Approved: WPL INTRODUCTION

New River Community College. Information Technology Policy and Procedure Manual

OSU INSTITUTE OF TECHNOLOGY POLICY & PROCEDURES

March

Information Technology Cyber Security Policy

Information Technology Security Procedures

Information Security Policy and Handbook Overview. ITSS Information Security June 2015

1 Purpose Scope Roles and Responsibilities Physical & Environmental Security Access Control to the Network...

Wellesley College Written Information Security Program

TECHNOLOGY ACCEPTABLE USE POLICY

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

Information Technology Services Guidelines

Approved 12/14/11. FIREWALL POLICY INTERNAL USE ONLY Page 2

Secure network guest access with the Avaya Identity Engines portfolio

Responsible Administrative Unit: Computing, Communications & Information Technologies. Information Technology Appropriate Use Policy

Computer Use Policy Approved by the Ohio Wesleyan University Faculty: March 24, 2014

Contact: Henry Torres, (870)

ADMINISTRATIVE POLICY # (2014) Remote Access. Policy Number: ADMINISTRATIVE POLICY # (2014) Remote Access

Acceptable Use Policy

Internet usage Policy

Newcastle University Information Security Procedures Version 3

Musina Local Municipality. Information and Communication Technology User Account Management Policy -Draft-

Information Resources Security Guidelines

City of Boston Department of Innovation and Technology Policy Title: Information Technology Resource Use Policy Effective Date: April 1, 2011

Acceptable Use Policy

Franciscan University of Steubenville Information Security Policy

This policy applies to all GPC units that process, transmit, or handle cardholder information in a physical or electronic format.

UNIVERSITY GUIDEBOOK. Title of Policy: Acceptable Use of University Technology Resources

CREDIT CARD PROCESSING POLICY AND PROCEDURES

CTS2134 Introduction to Networking. Module Network Security

State of New Mexico Statewide Architectural Configuration Requirements. Title: Network Security Standard S-STD Effective Date: April 7, 2005

New Mexico Highlands University (NMHU) Information Technology Services (ITS) Information Technology Resources Policy: Internet, Intranet, ,

Delaware State University Policy

IT Governance Committee Review and Recommendation

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:

Odessa College Use of Computer Resources Policy Policy Date: November 2010

How To Protect The Time System From Being Hacked

State of Illinois Department of Central Management Services GENERAL SECURITY FOR STATEWIDE NETWORK RESOURCES POLICY

MISSISSIPPI DEPARTMENT OF HEALTH COMPUTER NETWORK AND INTERNET ACCESS POLICY

OLYMPIC COLLEGE POLICY

MOBILE DEVICE SECURITY POLICY

Ti m b u k t up ro. Timbuktu Pro Enterprise Security White Paper. Contents. A secure approach to deployment of remote control technology

DATA SECURITY AGREEMENT. Addendum # to Contract #

STRATEGIC POLICY. Information Security Policy Documentation. Network Management Policy. 1. Introduction

PCI PA - DSS. Point ipos Implementation Guide. Version VeriFone Vx820 using the Point ipos Payment Core

Information Technology Acceptable Use Policy

Using Automated, Detailed Configuration and Change Reporting to Achieve and Maintain PCI Compliance Part 4

Payment Card Industry - Data Security Standard (PCI-DSS) Security Policy

Addressing the Use of Alcohol

How To Protect Your School From A Breach Of Security

Basics of Internet Security

Consensus Policy Resource Community. Lab Security Policy

Central Texas College District Human Resource Management Operating Policies and Procedures Manual Policy No. 294: Computer Security Policy

Payment Card Industry (PCI) Policy Manual. Network and Computer Services

MEMORANDUM INFORMATION TECHNOLOGY SERVICES DEPARTMENT

CITY OF BOULDER *** POLICIES AND PROCEDURES

Standard: Network Security

APPROVED BY: DATE: NUMBER: PAGE: 1 of 9

NETWORK SECURITY GUIDELINES

PCI PA - DSS. Point BKX Implementation Guide. Version Atos Xenta, Atos Xenteo and Atos Yomani using the Point BKX Payment Core

Network & Information Security Policy

Information Security Program Management Standard

Insert GNIS Logo Here. Acceptable Use Policy & Guidelines Information Technology Policies & Procedures. Guangzhou Nanhu International School

CITY OF SAN DIEGO ADMINISTRATIVE REGULATION Number PAYMENT CARD INDUSTRY (PCI) COMPLIANCE POLICY. Page 1 of 9.

BUCKEYE EXPRESS HIGH SPEED INTERNET SERVICE ACCEPTABLE USE POLICY

Internet & Cell Phone Usage Policy

Southern Law Center Law Center Policy #IT0014. Title: Privacy Expectations for SULC Computing Resources

ORANGE REGIONAL MEDICAL CENTER Hospital Wide Policy/Procedure

ICT USER ACCOUNT MANAGEMENT POLICY

Potential Targets - Field Devices

Transcription:

Network Service Policy

TABLE OF CONTENTS PURPOSE... 3 SCOPE... 3 AUDIENCE... 3 COMPLIANCE & ENFORCEMENT... 3 POLICY STATEMENTS... 4 1. General... 4 2. Administrative Standards... 4 3. Network Use... 5 4. Monitoring/Altering Network Traffic... 5 5. Guest/Temporary Network Use... 5 6. Technical Standards... 5 LEGAL CONFLICTS... 6 EXCEPTIONS... 6 COMMENTS... 6 RELATED DOCUMENTS... 6 REFERENCES... 6 MANDATES... 6 DOCUMENT CONTROL INFORMATION... 6 REVISION HISTORY... 7 Page 2 of 7

Purpose The University will provide the required infrastructure for enterprise-wide local area network services, (including wireless) and connections to the internet, internet-2 and other external networks to further the mission of the University. This policy is to assure that the integrity, security, availability and necessary resources of the University network is maintained. Scope The scope of this policy applies to all businesses entities within Saint Leo University globally. Audience The Policy applies to all Saint Leo University personnel, contractors, and visitors. The term "personnel" refers to all full-time, part-time, interns, students, temporary employees attending or hired directly by Saint Leo University and on the Saint Leo University payroll. Also, the term contractor refers to anyone who is on another University s payroll (contactors, outsourcers, consultants, contingent workers, temporary agency workers, etc.). Throughout this Policy, Saint Leo University, Saint Leo, our, we, and the University refer to Saint Leo University. Personnel, contractor, you and yours refer to you as an employee/ representative of Saint Leo University. This Policy applies to Saint Leo University, all wholly owned subsidiaries, subsidiaries in which Saint Leo University has a controlling interest. Compliance & Enforcement Compliance with this Policy is mandatory and applies to all Saint Leo University personnel and contractors globally including at any of its subsidiaries or units as well as authorized representatives. Saint Leo University reserves the right to modify the Policy at its sole discretion. All Saint Leo University personnel and contractors are responsible for complying with this Policy. A violation of this Policy may result in disciplinary action, up to and including termination. Violators may also be subject to legal action, including civil and/or criminal prosecution. Saint Leo University also reserves the right to take any other action it believes is appropriate based on the severity of the infraction. This Policy also represents a statement of intent, any behavior or act violating the spirit of this Policy is also subject to disciplinary action in a fashion similar to a policy violation. Saint Leo University personnel and contractors should also note that with specific authorization and approval from senior management, there are some business programs or services which are exempt from portions of this Policy. Saint Leo University Personnel and contractors must contact their manager or supervisor if they do not understand this Policy, are unable to comply with this Policy, or have questions regarding Policy. Page 3 of 7

Policy Statements 1. General 1.1. Passwords to University accounts and devices must be kept confidential. 1.2. To preserve account integrity, the owner of the account should be the only person with knowledge of the password. 1.3. No user is required to share a University account password with another individual; including but not limited to managers, co-workers, or technical staff. 1.4. Notification of password expiration will be provided to account holders 7 days in advance and every day after until password expiration if you log into the Saint Leo portal. 1.5. Saint Leo University personal will NEVER ask for your password. 2. Administrative Standards 2.1. Network Configuration Authority 2.1.1. University Technology Service provides all network address assignments. 2.1.2. Unauthorized University network installations or modifications will not receive IP addresses for computing devices on the unauthorized network. 2.1.3. Such devices will be physically disconnected from the University network and the device's IP and/or MAC addresses will be blocked from University network access. 2.1.4. This includes wireless networks not connected to the University's enterprise network and/or private network devices operating within University facilities or University campuses. 2.2. Connecting to University and affiliated computing resources from outside the University network 2.2.1. All connections to these resources (servers, personal computing devices, networking equipment, etc.) must, except as noted, follow these standards: 2.2.2. Be via a secure and/or encrypted connection such as a VPN, secure HTTP, secure FTP, SSH, direct dial-in or other secure and/or encrypted method 2.2.3. Be configured so that a user account and password is required and be compliant with the policies and standards described in Acceptable Use 2.2.4. If the connection is by a contractor an Acceptable Use Agreement must be completed. 2.2.5. Connection interface (a VPN or dial-in vendor service line, for example) used for occasional connections should be disabled except during the periods when the connection capability is expected to be used. Page 4 of 7

3. Network Use 3.1. Under no circumstances is a Saint Leo University personnel authorized to engage in any activity that is illegal under local, state, or federal law while using Saint Leo University resources. 3.2. Faculty, staff and administrators with University LAN accounts usually receive secure personal drive space accessed via the LAN for individual use 4. Monitoring/Altering Network Traffic 4.1. Users are expected to use end user applications such as network drive access, email and similar programs, as they are intended to be used on the University network. 4.2. Scanning of the network, "packet sniffing", packet interception/copying/decryption and any other means of reading, altering, spoofing or otherwise monitoring and/or changing network communications is forbidden without specific approval in writing from both the Information Security Officer and Network Group. 4.3. The University reserves the right to analyze network traffic at any time deemed necessary by either manual or automated means. For example, the University may specifically monitor network traffic if instructed by legal authorities or for the purpose of assessing system integrity, performance, management or possible policy violation 5. Guest/Temporary Network Use 5.1. Guest access to the wired network requires faculty, staff or administrator account sponsorship. 5.2. Limited guest access to the wireless network is available for visitors of the University and may be requested by faculty or staff. Guest access will expire after one week 6. Technical Standards 6.1. General 6.1.1. All enterprise level authentication requirements external to an application must be configured to use the University's Enterprise directory services. (Note: This also allows easier configuration of single sign-on abilities. 6.1.2. Full authenticated network access requires a secure wireless connection and client software that supports current University secure wireless standards 6.2. Wireless 6.2.1. Full authenticated network access requires a secure wireless connection and client software that supports current University secure wireless standards. 6.2.2. A Wireless adapter card that fully supports 802.1x is required to access the network. 6.3. Voice Page 5 of 7

6.3.1. The University's Voice Networking (Voice Over Internet Protocol - VOIP) provided by Information Technology is based on FCC standards and specifications. 6.3.2. This consists of the telecommunications services, dial tones, telecommunications equipment, and specialized circuitry 6.3.3. All VOIP connections are maintained and provisioned by the UTS Department Legal Conflicts Saint Leo University policies were drafted to meet or exceed the protections found in existing laws and regulations, and any policy believed to be in conflict with existing laws or regulations must be promptly reported to the Saint Leo University Grand Counsel. Exceptions Exceptional circumstances occur from time to time. In these situations, consult Saint Leo University Security Team for guidance. Comments N/A Related Documents References Mandates Document Control Information Document Control Information Primary Contact Unknown Version Number 1.0 Owner Saint Leo University Information Security Team Author(s) Approved By Approval Date Effective Date TBD Creation Date February 17, 2012 Information Classification Saint Leo University Confidential Page 6 of 7

Revision History Revision Level Date Description Change Summary 1.0 2013 Febr ua ry Ori gi na l 1.1 2013 Febr ua ry An n ua l R ev iew Page 7 of 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information