ISU Standard for Computer System Workstation Security

Introduction

ISU Employees must comply with all University policies while working in either an on-campus or alternative/remote environment, including those that pertain to information and device security. This standard is applicable via the Section 800 Information Technology Policies contained in the university policy handbook available at:  Information Technology Policies | Indiana State University (indstate.edu)  

Workstation Security Standard

• 810 Acceptable Use of Information Technology
  • ISU Employees must:
    • At no time provide their password to anyone, including family members.
    • Lock the workstation before leaving it unattended, even if the expected time away is brief.
    • Have a secure designated worksite that must be established either on-campus and/or at an alternative/remote environment for day to day work activities.  (Alternative/remote worksites must be physically secure with an expectation of privacy at the same level as an on-campus worksite.)
    • Use ISU-managed system to fulfill all work responsibilities on-campus or at alternative/remote environments.
      • The ISU-managed system must be properly configured with an approved and supported standard operating system, software, and web/telecommunication capabilities. No unapproved modifications of the deployed ISU-managed system baseline will be made.
    • Have a reliable internet service provider with necessary bandwidth at their working location. Employees are responsible for providing their own internet and phone services at alternative/remote environments. Wireless networks must be secured with strong passwords and modern security protocols (such as WPA2).
    • Use ISU managed VPN access for access to sensitive systems and departmental file shares from alternative/remote worksites and access from any public network during authorized travel.
    • Not install/use personal VPNs on ISU managed workstations.
    • Are responsible for any university-owned equipment and software used at alternative/remote worksites and are personally responsible for any such equipment that is lost, stolen, or damaged due to the employee's negligence, misuse, or abuse.
      • ISU will solely repair and maintain any provided equipment unless otherwise authorized. The employee will be responsible for:
        1. any intentional damage to the equipment;
        2. damage resulting from negligence by the employee or anyone present at an alternative/remote worksite;
        3. damage resulting from a power surge if no surge protector is used; and
        4. maintaining the system/device to ISU’s configuration and security baseline.
• 830 Data Security and Management
  • Abide by data security standards for protecting and controlling sensitive or restricted information in both hardcopy and electronic format.
  • Host virtual meetings with MS Teams, Zoom, or other appropriate ISU-supported, secure virtual conferencing platforms.
  • Create, modify, or store data while either working on-campus or remotely using an ISU-managed system and ISU supported storage such as OneDrive for Business or the network file share.

Conclusion

It is expected that all ISU employees adhere to this security standard.