Loyola University Chicago


Information Technology Services

Computer Security Standard

 

Scope:

This standard applies to all computers, defined as any workstation, desktop or laptops that are:

The owner of a computer may use it at his or her discretion; however, once that computer is connected to the University network or is used to store university data, it is subject to applicable laws and regulations, and to University policies.

 

Purpose:

The purpose of this document is to establish standards for the base configuration of University computers. Effective implementation of this standard will minimize security incidents involving University resources.

This document is broken up into two sections: Baseline Standards and High Security Standard. All in-scope computers will be configured to the baseline standard. All computers connected to high security systems will conform to both the Baseline Standard and the High Security Standard.

 

Standards:

The following sections must be adhered to by the user of the computer.

Baseline Standards

 

High Security Standard

All computers that are procured through, operated by, or contracted by the University and that are connected to, or interact with, a high security network zone, as defined in the ITS Network Firewall Policy, or that store Loyola Protected Data, must adhere to the following rules in addition to the Baseline Standard:

  1. All approved remote access will comply with the ITS Access Control Policy.
  2. All approved remote access techniques will be encrypted between the computer and the remote machine.
  3. The user is encouraged to use an alternative browser, such as Firefox.
  4. In instances where an alternative browser is not available, Internet Explorer (IE) can be used as long as ActiveX is disabled on all IE zones except Trusted.
  5. Trusted zones may be explicitly enabled for specific web sites on an as-needed basis.

 

 

Exceptions

Exceptions to this policy will be handled in accordance with the ITS Security Policy.

 

Review

This policy will be maintained in accordance with the ITS Security Policy.

 

Emergencies

In emergency cases, actions may be taken by the Incident Response Team in accordance with the procedures in the ITS Incident Response Handbook. These actions may include rendering systems inaccessible.

 

Appendix

Documents Referenced

Disposal of Loyola Protected Data & Loyola Sensitive Data Policy

Electronic Security of Loyola Protected Data & Loyola Sensitive Data Policy

Access Control Policy

Antivirus Standard

Incident Response Plan

Log Management Standard

Network Firewall Standard

Password Standard

Security Policy

Supported Operating Systems

 

Guidelines

CIS_Microsoft_Windows_7_Benchmark_v1.2.0.pdf

CIS_SUSE_Linux_Benchmark_v2.0.pdf

CIS_VM_Benchmark_v1.1.0.pdf

 

 

 

Definitions

 

High Security Systems: Servers, applications or network computers that store, process or transmit Loyola Protected Data, per the Data Classification Policy.

 

 

 

Service Accounts: User accounts that are required by applications as part of their normal function and operation. These accounts are not used by users to log in interactively.

 

 

 

History

 

January 24, 2011: Initial Policy
October 22, 2012: Corrected links, Removed vendor specific references
July 12, 2013: Corrected Links
September 16, 2014: Added supported operating system reference
June 22, 2015: Annual review for PCI Compliance, removed CIS reference for XP

 

 

 

 

Loyola

Information Technology Services
1032 W. Sheridan Ave. · Chicago, IL 60660 · 773.508-4ITS

InfoServices@luc.edu
