Information Security Plan

Purpose

The purpose of the Information Technology Division (ITD) Data Security Plan is to ensure that steps to safeguard data information use, storage and transmission are established.

1. All access to computer servers/networks must be controlled through the use of accounts/passwords or other ITD approved means.

2. Physical access to key areas such as computer server rooms and storage
areas must be restricted to necessary personnel only. These areas are to be
locked at all times.

3. To protect data information from hackers and other forms of sabotage, the following will be implemented:

A. Firewall(s)

B. Anti-virus software and regular updates.

1. Servers
2. Microcomputers

C. Backups

1. Regular backups - full, incremental, etc.
2. Provide onsite and offsite storage of backups.

4. Monitoring by ITD staff of the computer servers and networks for any activity such as hacking, theft of information, unauthorized access to systems and files, or any activity that violates the integrity or interferes with the normal operation of the University's computer system or the work of another user.

5. The implementation of a University data information disaster recovery/contingency plan ensure adequate continuation of data information.

The plan should:

A. Updated regularly.

B. Tested regularly.

6. All University personnel must adhere to the "CSU Computer and Information Code of Conduct Policy for Chicago State University Employees".

7. All violations will be logged and modifications made to prevent future
violations.

8. Periodic assessment of firewalls, anti-virus software, and other security software and devices by ITD. Recommendations for improvement must be given to the Chief Information Officer.

9. Periodic assessment of all security violations and corrective actions taken.

10. All policies, plans, and rules must be made public and available for viewing for all users of data information. Examples include but are not limited to the Web, paper copies in computer laboratories and offices.