Information Security Policy

The following are Division of Information Technology security policies:

  1. Restricted Access.

    Only authorized personnel will be allowed entry to computer machine rooms and data wiring closets. These are persons needed to operate, supervise or provide maintenance to the area and its equipment.

    • All ITD Network Infrastructure (NI) Network Engineers are issued keys to the Douglas Hall data center.
    • All non-ITD NI personnel must be escorted and signed in and out by the ITD NI Network Engineer(s) requiring assistance.
      • The sign-in sheet is hanging to the wall left of the inside of the door.
      • When signing in guests, the ITD NI Network Engineer(s) must include the Company name, name of the guests, the purpose of the visit and the time entering and exiting the data center.
      • Personnel entering data closets and the switch room (ADM 106) must complete the entry in the key log.
      • The sign-in sheet is hanging to the wall left of the inside of the door.
      • When signing in, personnel must include the Company name, what key is being taken, and the time removing and returning the keys.
      • These areas are to remain locked at all times
  2. Restricted On-line Access.

    Access to the system from outside the computer laboratories must be controlled with proper user ID and password codes which must be changed no less than three times a year.

  3. Leaving / Terminated Student/Faculty/Staff.

    All accounts for staff that separate from the University will be deleted or made inactive immediately. Passwords that the user had access to are changed. All keys are returned to the proper authorities.

  4. Power Supply.

    The computer machine room and data wiring closets must have all network/server equipment connected to an uninterruptible power supply (UPS).

  5. Air Conditioning.

    The computer machine room must have its own air conditioning system. The temperature and humidity levels will be monitored at all times.

  6. Fire Precautions.

    Fire extinguishers should be the safest possible and checked for compliance regularly. Smoke detector(s) must also be installed. Smoking is strictly prohibited in the computer machine rooms, computer laboratories, and data wiring closets at all times.

  7. Data Backup.

    All file systems must have a data backup procedure where data is being backed up on a regular basis. Some backup tapes will be kept onsite and other will be kept in a safety deposit box of campus. The same tapes will not be used night after night to guard against bad SAVES. The tapes will be logged and kept in a secure location. All backups must be tested regularly.

  8. Viruses.

    Anti virus software will be installed on all computers and updated regularly.

  9. Staff Cross-training.

    The Information Technology Division will cross-train staff to ensure that there are "backup staff" to perform critical operations.

  10. Hardware Failures.

    Service maintenance and warranty agreements must be properly maintained on all servers, networks, and peripheral equipment.

  11. Thefts

    All crucial equipment and information will be kept in secure locked areas to guard against theft. Network security equipment must also be installed and properly monitored and maintained. Additional security equipment such as cameras, key cards, etc can also be installed as necessary.

  12. Criminal Computer Activity.

    Any attempt to use Chicago State University computing systems and resources for the purposes of harassment, computer hacking, unauthorized use of another person's computer account, introduction of computer viruses, theft of information, or any activity that violates the integrity or interferes with the normal operation of the University's computer system or the work of another user is strictly prohibited.

Failure to comply with this policy will result in action which may include suspension of user privileges or other disciplinary action, including suspension or expulsion from the University or termination of University employment. In addition, violations may result in referral for prosecution by local state or federal authorities.