Auditor de cumplimiento (sistemas)

Information Technology Policies And Procedures
April 13, 2005

Introduction
University information technology resources constitute a valuable University asset that must be managed accordingly to ensure their integrity, security, and availability for teaching, research and business activities. Carrying out this mission requires the University to establish basic Information Security policiesand standards and to provide both access and reasonable Security at an acceptable cost. The University Information Technology Policies and Procedures are intended to facilitate and support authorized access to University information. The purpose of the University Information Policies and Procedures is:
• • •

•

To establish University-wide Protocol for Information Security. To help identifyand prevent the compromise of Information Security and the misuse of University information technology resources. To protect the reputation of the University and to allow the University to satisfy its legal and ethical responsibilities with regard to its information technology resources. To enable the University to respond to complaints and queries about real or perceived non-compliance with theUniversity Information Technology Policies and Procedures.

Defined Terms
The definitions of capitalized words and phrases in these Policies and Procedures have special meanings. Their definitions appear in Appendix A and readers should review those terms prior to reading these Policies and Procedures and thereafter refer to them as needed.

Responsibility
Authorized Users of Universityinformation technology resources are personally responsible for complying with all University policies, procedures and standards relating to Information Security, regardless of campus center or location and will be held personally accountable for any misuse of these resources.

2

Amendments
Proposals for amendments to this document may be submitted to the Information Technology ServicesDepartment for review. If the review results in the need to amend the Information Technology Policies and Procedures Manual, Information Security personnel and the Vice President and General Counsel will draft the proposed amendment. The proposed amendment will be forwarded to the Information Technology Policies and Procedures Review Committee. Upon approval by that committee, the proposed amendmentwill be forwarded to the Executive Staff for review and if approved, for inclusion in the Information Technology Policies and Procedures Manual.

3

Table of Contents
Unauthorized Use Policy .............................................................................5 Guest User Policy ........................................................................................6 UniversityConfidentiality Policy ................................................................7 Acceptable Use Policy .................................................................................8 Electronic Communications Policy............................................................14 Password Policy .........................................................................................16Acceptable Encryption Policy....................................................................21 Remote Access Policy................................................................................22 Virtual Private Network Policy..................................................................25 Physical Security Policy............................................................................27 Workstation Configuration Security Policy...............................................30 Computer Lab Security Policy...................................................................33 Server Configuration Security Policy ........................................................36 “De-Militarized Zone” Network Equipment Policy ..................................39 Router Security Policy...