Loyola University Chicago

Information Technology Services

Computer Security Standard

Scope

This standard applies to all computers, defined as any workstation, desktop or laptop, that are:

The owner of a computer may use it at his or her discretion; however, once that computer is connected to the University network or is used to store university data, it is subject to applicable laws and regulations, and to University policies.

Purpose

The purpose of this document is to establish standards for the base configuration of University computers. Effective implementation of this standard will minimize security incidents involving University resources.

This document is broken up into two sections: Baseline Standards and High Security Standard. All in-scope computers will be configured to the Baseline Standard. All computers connected to high security systems will conform to the High Security Standard.

Standards

The following sections must be adhered to by the user of the computer.

Baseline Standards

High Security Standard

All computers procured through, operated or contracted by the University that are connected to, or interact with, a high security network zone, as defined in the ITS Network Firewall Standard, or that store Loyola Protected Data, must adhere to the following rules in addition to the Baseline Standard:

1. All approved remote access will comply with the ITS Access Control Policy.

2. All approved remote access techniques will be encrypted between the computer and the remote machine.

3. The user is encouraged to use an alternative browser, such as Firefox.

4. In instances where an alternative browser is not available, Internet Explorer (IE) can be used as long as ActiveX is disabled on all IE zones except Trusted.

5. Trusted zones may be explicitly enabled for specific web sites on an as needed basis.

This computer and network are provided for use by authorized members of the Loyola community. Use of this computer and network are subject to all applicable Loyola policies, including Information Technology Services Policies and Guidelines, and any applicable Loyola Handbooks. Any use of this computer or network constitutes acknowledgment that the user is subject to all applicable policies. Any other use is prohibited.

Users of any networked system, including this computer, should be aware that due to the nature of electronic communications, any information conveyed via a computer or a network may not be private. Sensitive communications should be encrypted or communicated via an alternative method.

Exceptions

Exceptions to this policy will be handled in accordance with the ITS Security Policy.

Review

This policy will be maintained in accordance with the ITS Security Policy.

Emergencies

In emergency cases, actions may be taken by the Incident Response Team in accordance with the procedures in the ITS Incident Response Handbook. These actions may include rendering systems inaccessible. 

Appendix

Documents Referenced

Disposal of Loyola Protected Data & Loyola Sensitive Data Policy

Electronic Security of Loyola Protected Data & Loyola Sensitive Data Policy

Access Control Policy

Antivirus Standard

Incident Response Plan

Log Management Standard

Network Firewall Standard

Password Standard

Security Policy

Guidelines

(http://benchmarks.cisecurity.org/)

CIS_WindowsXP_Benchmark_v2.01.pdf

CIS_SUSE_Linux_Benchmark_v2.0.pdf

CIS_VM_Benchmark_v1.1.0.pdf

Definitions

High Security Systems – Servers, applications or network computers that store, process or transmit Loyola Protected Data, per the Data Classification Policy.

Service Accounts – User accounts that are required by applications as part of their normal function and operation. These accounts are not used by users to login interactively.

History and Updates

January 24, 2011: Initial Policy
October 19, 2012: Annual Review for PCI Compliance
October 22, 2012: Corrected links, removed vendor-specific references
July 12, 2013: Annual Review for PCI Compliance, Corrected Links
Author: UISO
Version: 1.2