Unapproved Information Technology Governance
Policies, Standards and Procedures
| Type | Name | Main Purpose/Description |
Compliance |
Created/Reviewed |
|---|---|---|---|---|
| Policy | Wireless Access Point Policy | Governs the establishment of wireless access to University resources. Faculty, Staff, Students, and Guests are prohibited from attaching any device operating as a wireless access point or router in any University building. | HEOA, DMCA PCI-DSS |
07/13/2005/ 07/17/2013 |
| Policy | ITS Antivirus Policy | Governs the establishment of wireless access to University resources. Faculty, Staff, Students, and Guests are prohibited from attaching any device operating as a wireless access point or router in any University building. | PCI-DSS | 09/05/2008/ 07/12/2013 |
| Policy | Access Control Policy | Governs the establishment of wireless access to University resources. Faculty, Staff, Students, and Guests are prohibited from attaching any device operating as a wireless access point or router in any University building. | PCI-DSS | 09/22/2009/ 07/12/2013 |
| Policy | Security Policy | Overarching policy that establishes the University’s approach to managing information security and risks. Provides guidance to identify and prevent compromises of information security around the University’s computing, networking, telephony and information resources. | PCI-DSS PIPA FERPA HIPAA |
06/16/2008/ 07/17/2013 |
| Procedure | Incident Response Plan & Appendix | Defines, in specific terms, what constitutes an information security incident and provides a step-by-step process that should be followed in the event an incident occurs. The appendix describes processes for specific incident types. | PCI-DSS, PIPA FERPA, HIPAA |
06/16/2008/ 07/17/2013 |
| Standard | Computer Security Standard | Establishes standards for the base configurations of University computers. Effective implementation of this standard will minimize information security incidents involving University resources. | PCI-DSS | 01/24/2011/ 07/12/2013 |
| Standard | Password Standards | Establishes standards for the base configurations of University computers. Effective implementation of this standard will minimize information security incidents involving University resources | PCI-DSS FERPA |
04/20/2007/ 07/17/2013 |
*DMCA – Digital Millennium Copyright Act, FERPA – Family Education Rights & Privacy Act, HEOA – Higher Education Opportunity Act, HIPAA – Health Insurance Portability & Accountability Act, PCI-DSS – Payment Card Industry Data Security Standard, PIPA – Personal Information Protection Act (Illinois)
Information Security Advisory Council Members
| Facilitator (ITS) | Jim Paronek | ITS | Jeffrey Apa | Reg & Rec | Diane Hullinger |
| Finance | Cory O'Brien | ITS | Charlotte Pullen | Reg & Rec | Eric Pittenger |
| Financial Aid | Tad Verdun | ITS | Cheryl Heckel | Risk Mgmt | Susan Bodin |
| HR | Carol McCormack | ITS | David Wieczorek | ITS/Ex-Officio | Jim Sibenaller |
| HR | Michael Capulong | OSCCR | Dana Broadnax |