Purpose
The purpose of this policy describes the security measures implemented at Lynn University to safeguard access to the network by authenticated users.
Policy
Every device receiving an IP address and connected to the Lynn University network via wireless or wired should meet the following requirements:
- The latest hotfixes, patches and service packs should be installed on all devices in a timely manner and set to automatically download and install.
- Complex passwords should be used for any account on the device which has administrative privileges.
- A host based firewall for all computers must be installed and configured.
- An anti-virus product should be installed and running on the latest definition file.
- If FTP services are installed and used; Lynn University will not allow the use of anonymous login to the FTP site.
- All shares should be secured as the use of everyone access will not be allowed.
Definitions
Authorized user(s)-are all users of technology resources including, but not limited to, employees, temporary employees, faculty, students, alumni, campus visitors, contractors, vendors, consultants and their related personnel, and other users authorized by the university to access its systems and networks.
Information technology resources-are assigned computer accounts, email services, and the shared university network(s), which includes resources, staff and facilities operated by the university, whether owned, leased, used under license or by agreement, including, but not limited to: telephones (including electronic devices) and telephone equipment, voice mail, SMS, desktop laptop computers, electronic devices, hardware, software, networks, computing laboratories, databases, files, information, software licenses, computing-related contracts, network bandwidth, usernames, passwords, documentation, disks, CD-ROMs, DVDs, magnetic tapes, and other electronic media or storage devices. Email, chat, facsimiles, mail, any connection to the university's network(s) or use of any part of the university’s network(s) to access other networks, connections to the Internet that are intended to fulfill information processing and communications functions, communication services, hardware, including printers, scanners, facsimile machines, any off-campus computers and associated equipment provided for the purpose of university work or associated activities.
Institutional data - is any information, including directory information, PII, and student and employee financial information, and public information that can be linked to any individual, including but not limited to, students, faculty, staff, patients, or contractors. Institutional data and all applications storing and transmitting such data, regardless of the media on which they reside, are valuable assets, which the University has an obligation to manage, secure, and protect.
Employee financial information—that information the University has obtained from an employee in the process of offering a benefit or service. Offering a benefit or service includes all university sponsored benefit plans and university financial services such as flexible spending accounts, and personal payroll services. Examples of employee financial information include bank and credit card account numbers, income and credit histories and social security numbers, in both paper and electronic format.
Student financial information—that information the university has obtained from a student in the process of offering a financial product or service, or such information provided to the university by another financial institution. Offering a financial product or service includes offering student loans to students, receiving income tax information from a student's parent when offering a financial aid package, and other miscellaneous financial services as defined in 12 CFR 225.28. Examples of student financial information include bank and credit card account numbers, income and credit histories and social security numbers, in both paper and electronic format.
Procedures/Guidelines
Not applicable.
For more information about this policy, contact Information Technology.