Security of Computers, Computer Systems and Servers
- Each data steward will ensure that a business resumption plan is in place.
- Each system manager will take reasonable action to provide necessary protection against natural disasters and will prepare adequate system disaster recovery plans and procedures.
- Each system manager will establish an environment which provides appropriate physical access for authorized users of the computer systems. Appropriate access may range from open access by students on networked computers in departmental workstation laboratories to severely restricted access in offices responsible for creating, modifying or deleting confidential and/or sensitive information.
- Each system manager will identify and analyze the risks of anticipated threats to physical security, identify responses and implement appropriate controls. This analysis and preparatory work will be recorded, maintained and updated as conditions change.
- Each system manager is responsible for the installation and use of virus detection software, where appropriate, for the protection of information technology resources.
- Each data or system manager, as appropriate, will provide and implement appropriate and adequate security measures to ensure recoverability of the information stored in computer systems.
- Each system or data manager, as appropriate, is responsible for keeping computer systems secure by ensuring that maintenance is performed in a timely manner. Maintenance may include, but is not limited to, application of software patches; preventative maintenance; software, firmware or hardware upgrades; or, if necessary, the exclusion or removal of outdated, non-conforming computer systems.
- Each system or data manager, as appropriate, is responsible for conducting periodic reviews of implemented security plans, measures, procedures and controls.
- Each system manager must provide the means to permit authorized personnel to audit and establish individual identification for any action which may provide access to, modify or release confidential or sensitive information.
- Each system manager must initiate an investigation of any suspected security breach involving a computer, computer system or server and is responsible for documenting the suspected breach and actions taken.