Body
Introduction
ISU Employees must comply with all University policies while working in either an on-campus or alternative/remote environment, including those that pertain to information and device security. This standard is applicable via the Section 800 Information Technology Policies contained in the university policy handbook available at: Information Technology Policies | Indiana State University (indstate.edu)
Workstation Security Standard
- 810 Acceptable Use of Information Technology
- ISU Employees must:
- At no time provide their password to anyone, including family members.
- Lock the workstation before leaving it unattended, even if the expected time away is brief.
- Have a secure designated worksite that must be established either on-campus and/or at an alternative/remote environment for day to day work activities. (Alternative/remote worksites must be physically secure with an expectation of privacy at the same level as an on-campus worksite.)
- Use ISU-managed system to fulfill all work responsibilities on-campus or at alternative/remote environments.
- The ISU-managed system must be properly configured with an approved and supported standard operating system, software, and web/telecommunication capabilities. No unapproved modifications of the deployed ISU-managed system baseline will be made.
- Have a reliable internet service provider with necessary bandwidth at their working location. Employees are responsible for providing their own internet and phone services at alternative/remote environments. Wireless networks must be secured with strong passwords and modern security protocols (such as WPA2).
- Use ISU managed VPN access for access to sensitive systems and departmental file shares from alternative/remote worksites and access from any public network during authorized travel.
- Not install/use personal VPNs on ISU managed workstations.
- Are responsible for any university-owned equipment and software used at alternative/remote worksites and are personally responsible for any such equipment that is lost, stolen, or damaged due to the employee's negligence, misuse, or abuse.
- ISU will solely repair and maintain any provided equipment unless otherwise authorized. The employee will be responsible for:
- any intentional damage to the equipment;
- damage resulting from negligence by the employee or anyone present at an alternative/remote worksite;
- damage resulting from a power surge if no surge protector is used; and
- maintaining the system/device to ISU’s configuration and security baseline.
- 830 Data Security and Management
- Abide by data security standards for protecting and controlling sensitive or restricted information in both hardcopy and electronic format.
- Host virtual meetings with MS Teams, Zoom, or other appropriate ISU-supported, secure virtual conferencing platforms.
- Create, modify, or store data while either working on-campus or remotely using an ISU-managed system and ISU supported storage such as OneDrive for Business or the network file share.
Conclusion
It is expected that all ISU employees adhere to this security standard.