Security Policies
| Policy | Description | Target Audience | Reviewed |
|---|---|---|---|
| Access Control | Centralized computer facilities will be protected in physically secure locations with controlled access. They will also have appropriate environmental safeguards. Departmental computers housing Loyola Sensitive or Loyola Public data may require physical and environmental security safeguards. All servers containing Loyola Protected data must be housed in an approved ITS data center. | University Guests, Faculty, Students and Staff | July 1, 2020 |
| Antivirus | Regulates all computers using the Loyola network regarding the protection of information via accepted antivirus software. Computers and systems may be required to use antivirus software depending on their operating system. | University, Faculty, Students and Staff | August 6, 2020 |
| Computer Security Standard | Established standards for the base configuration of University computers. Effective implementation of this standard will minimize security incidents involving University resources. | University Guests, Faculty, Students and Staff | May 19, 2020 |
| Data Classification | Ensures that information about members of the University community is properly protected, all information will be classified in accordance with this policy. Information that is classified as Loyola Protected or Loyola Sensitive data will receive additional protections as described in the Personally Identifiable Information (PII) Protection Policies. Data deemed PCI-DSS relevant must comply with all PCI-DSS requirements as outlined by the PCI Data Security Standard Version 2.0. | University Guests, Faculty, Students and Staff | May 28, 2020 |
| Encryption Policy | This policy covers all computers, electronic devices, and media capable of storing electronic data that house Loyola Protected data or Loyola Sensitive data as defined by the Data Classification Policy. This policy also covers the circumstances under which encryption must be used when data is being transferred. | University Guests, Faculty, Students and Staff | May 28, 2020 |
| Incident Response Plan | Information security incidents have the potential to negatively impact members of the University community and to harm the University’s reputation. Therefore, it is important that all information security incidents are handled confidentially and appropriately. | University Guests, Faculty, Students and Staff | August 9, 2020 |
| Log Management Standard | Applies to all servers and network devices that handle, accept network connections, or make access control (authentication and authorization) decisions for Loyola Protected information. | University Guests, Faculty, Students and Staff | May 27, 2020 |
| Network Firewall Standard | Established uniform set of standards for implementing and maintaining established network firewall policies. Including, but not limited to, defining network security zones within the University’s network and the type and nature of traffic which will be allowed or denied access to those zones. Also, to maintain the stability of the network and increase the security for identified resources. | University, Faculty, Students and Staff | May 19, 2020 |
| Password Standards | Ensures that all electronic devices are secured by a password of a certain complexity, and that more sensitive access or devices have more complicated passwords. | University, Faculty, Students and Staff | July 1, 2020 |
| Router and Switch Security Standard | This standard describes a required minimal security configuration for all routers and switches connecting to a production network or used in a production capacity at or on behalf of Loyola University Chicago. | University, Faculty, Students and Staff | May 27, 2020 |
| Security Policy | Overarching policy that establishes the University’s approach to managing information security and risks. Provides guidance to identify and prevent compromises of information security around the University’s computing, networking, telephony and information resources. | University Guests, Faculty, Students and Staff | August 9, 2020 |
| Security Awareness | Effective information security requires a high level of participation from all members of the University and all must be well informed of their responsibilities. | University, Faculty, Students and Staff | August 9, 2020 |
| Vulnerability Risk Assessment | Security incidents are more likely to occur when there are unknown and unaddressed risks and vulnerabilities in information systems. Therefore, risk assessments will be conducted in accordance with the ITS Risk Assessment Process. In addition, the IT Security Team will periodically perform vulnerability assessments. | University, Faculty, Students and Staff | May 27, 2020 |
| Wireless Access Point Policy | Governs the establishment of wireless access to University resources. Faculty, Staff, Students, and Guests are prohibited from attaching any device operating as a wireless access point or router in any University building. | University Guests, Faculty, Students and Staff | July 14, 2020 |
| Policy | Description | Target Audience | Reviewed |
|---|---|---|---|
| Access Control | Centralized computer facilities will be protected in physically secure locations with controlled access. They will also have appropriate environmental safeguards. Departmental computers housing Loyola Sensitive or Loyola Public data may require physical and environmental security safeguards. All servers containing Loyola Protected data must be housed in an approved ITS data center. | University Guests, Faculty, Students and Staff | July 1, 2020 |
| Antivirus | Regulates all computers using the Loyola network regarding the protection of information via accepted antivirus software. Computers and systems may be required to use antivirus software depending on their operating system. | University, Faculty, Students and Staff | August 6, 2020 |
| Computer Security Standard | Established standards for the base configuration of University computers. Effective implementation of this standard will minimize security incidents involving University resources. | University Guests, Faculty, Students and Staff | May 19, 2020 |
| Data Classification | Ensures that information about members of the University community is properly protected, all information will be classified in accordance with this policy. Information that is classified as Loyola Protected or Loyola Sensitive data will receive additional protections as described in the Personally Identifiable Information (PII) Protection Policies. Data deemed PCI-DSS relevant must comply with all PCI-DSS requirements as outlined by the PCI Data Security Standard Version 2.0. | University Guests, Faculty, Students and Staff | May 28, 2020 |
| Encryption Policy | This policy covers all computers, electronic devices, and media capable of storing electronic data that house Loyola Protected data or Loyola Sensitive data as defined by the Data Classification Policy. This policy also covers the circumstances under which encryption must be used when data is being transferred. | University Guests, Faculty, Students and Staff | May 28, 2020 |
| Incident Response Plan | Information security incidents have the potential to negatively impact members of the University community and to harm the University’s reputation. Therefore, it is important that all information security incidents are handled confidentially and appropriately. | University Guests, Faculty, Students and Staff | August 9, 2020 |
| Log Management Standard | Applies to all servers and network devices that handle, accept network connections, or make access control (authentication and authorization) decisions for Loyola Protected information. | University Guests, Faculty, Students and Staff | May 27, 2020 |
| Network Firewall Standard | Established uniform set of standards for implementing and maintaining established network firewall policies. Including, but not limited to, defining network security zones within the University’s network and the type and nature of traffic which will be allowed or denied access to those zones. Also, to maintain the stability of the network and increase the security for identified resources. | University, Faculty, Students and Staff | May 19, 2020 |
| Password Standards | Ensures that all electronic devices are secured by a password of a certain complexity, and that more sensitive access or devices have more complicated passwords. | University, Faculty, Students and Staff | July 1, 2020 |
| Router and Switch Security Standard | This standard describes a required minimal security configuration for all routers and switches connecting to a production network or used in a production capacity at or on behalf of Loyola University Chicago. | University, Faculty, Students and Staff | May 27, 2020 |
| Security Policy | Overarching policy that establishes the University’s approach to managing information security and risks. Provides guidance to identify and prevent compromises of information security around the University’s computing, networking, telephony and information resources. | University Guests, Faculty, Students and Staff | August 9, 2020 |
| Security Awareness | Effective information security requires a high level of participation from all members of the University and all must be well informed of their responsibilities. | University, Faculty, Students and Staff | August 9, 2020 |
| Vulnerability Risk Assessment | Security incidents are more likely to occur when there are unknown and unaddressed risks and vulnerabilities in information systems. Therefore, risk assessments will be conducted in accordance with the ITS Risk Assessment Process. In addition, the IT Security Team will periodically perform vulnerability assessments. | University, Faculty, Students and Staff | May 27, 2020 |
| Wireless Access Point Policy | Governs the establishment of wireless access to University resources. Faculty, Staff, Students, and Guests are prohibited from attaching any device operating as a wireless access point or router in any University building. | University Guests, Faculty, Students and Staff | July 14, 2020 |