Information Technology Security

General

This section implements Integrated CSU Administrative Manual (ICSUAM) Policy 8045.0.

Protections against malicious software

The University employs technical means to exclude malicious software from University information assets. All University-issued workstation, desktop and laptop computers have centrally-managed endpoint anti-malware software installed. In addition, all University servers have appropriate anti-malware software installed, and incoming e-mail passes through an anti-spam and anti-virus system.

Network Security

The University operates a wireless network secured with WPA2 Enterprise. University-issued computers are configured to preferentially join this network. The University also operates an unsecured wireless network designed for guest usage of the World Wide Web. The operation of this network is currently under managerial review.

The University operates a virtual private network (VPN) to allow staff and faculty secure remote access. Usage of the University VPN is facilitated by T&I Business Practice BP-03-004.

The use of non-University assets on the University’s wired network is currently under managerial review.

Mobile Devices

The University is evaluating products for protecting the data on mobile devices.

Information Asset Monitoring

The University operates a central log repository. All T&I Infrastructure systems transmit logging information to this repository.

Logs other than firewall logs are retained for one year. After one year, the logs are archived to backup media and stored offsite. Firewall logs are retained for one month and thereafter archived to media and moved offsite.

Access to the log repository is limited to T&I Infrastructure and Information Security staff.

The monitoring or recording of traffic on the Channel Islands network is authorized, but only as described in applicable State or Federal laws, or in accordance with system-wide or University policy. In particular, T&I or Information Security staff will only monitor or record network communications as required to ensure quality of service, or to comply with applicable law.