Policy Number: ITS 103 | Policy Title: Computer Security |
Supersedes Existing Policy? N | Policy Owner: Senior Director of Infrastructure |
Associated Procedure: N | Date Last Approved by CET: November 20, 2018 |
Related Documents and Links |
1. Introduction and Purpose
Many computer security vulnerabilities occur while end users perform their daily business functions.
The purpose of this policy is to provide a framework for the secure use of Loyalist College devices to protect the College’s data, information, software and hardware from cyber threats.
2. Application
This policy applies anyone using a Loyalist College issued device, or a non-College issued device to access the College’s computer system.
3. Definitions
Device: a desktop, laptop, tablet, smartphone or any other machine that can be used to access the Loyalist College computer system.
Portable Storage Device: a USB pen or thumb drive, external hard drives etc.
ITS: Loyalist College’s Information Technology Services
Sensitive Information/Personal Information: includes, but is not limited to: personal address, personal phone number, personal financial information, personal health information and personal demographic information as seen on driver licenses, health cards and passports.
URL (uniform resource locator): the address of a resource on the internet, i.e., web address.
4. Policy Statement
To minimize security risks, ITS uses a variety of automated tools to scan, evaluate and block high risk items including: attachment blocking for high risk files, URL lookup and evaluation, cloud based reputation of sender & content, keyword matching, anti-virus scanning, and sensitive data filtering.
Computer security is not only the responsibility of ITS, but of all members of the Loyalist College community. It is vital that each member of the College community understands their role in protecting Loyalist systems.
5. Staff Training
Loyalist staff are required to complete a computer security training session when initially hired. This training session is delivered online through a self-paced course.
6. Passwords
Loyalist users are required to choose passwords that are not easy to guess, or are easily obtained though tools like social media.
Passwords should not be shared with any other person, including other users of Loyalist College, including colleagues, even when it supports work activities (e.g., for vacation coverage).
7. Sending Sensitive Data via Email
Sensitive or private data should not be transmitted using email, with the exception of passwords to College systems, which may be sent using email when there is no other communication method available AND when the password is set to force a change at the first use.
8. Computer Configuration and Software
ITS will preconfigure all College issued devices and these settings may not be changed without approval from IT services. Only ITS personnel can install new software onto a Loyalist College issued computer.
ITS will install only current and up to date software. Software that is considered to be at the end of its life will no longer be permitted on Loyalist computer systems and the installed products will be removed.
9. Encryption of Portable Storage Devices
All College issued portable storage devices are configured to encrypt the contents of its disk in order to prevent unauthorized access in the event it is lost or stolen. Once ITS has enabled disk encryption users may not disable the feature.
10. Computer Security
A computer is considered locked when a password is required to use it. Users are required to lock their computers when leaving it unattended to prevent unauthorized access. Passwords are to be unique and must be reset every 120 days.