Security Requirements for Faculty and Staff
Kent State University recognizes the need for vigilant security measures to maintain the integrity of the electronic information produced by the Kent State community. Because information technology changes frequently, Kent State recognizes the need for an office dedicated to ensuring that university information services are secure and used properly.
Members of the Kent State community must be aware of any federally protected data (FERPA, HIPAA, GLBA) and other sensitive data, such as Social Security Numbers, that is stored on their workstations and servers, and must take these mandated steps to protect it. Those who do not have protected data must still comply with steps 1 through 7 to ensure that their workstations do not become compromised gateways that can be used to attack other university assets.
Information Services will work with all departments to assist them in becoming compliant with the appropriate mandates. The federated desktop support model will be leveraged to assist in this effort. Compliance will not be forced in a manner that would adversely affect the operations of any one area, but will be accomplished cooperatively so that efficiency is affected as little as possible.
1. The operating system (OS) must be patched and up-to-date.
- You must subscribe to automatic updates if that feature is available for your workstation or server.
- In cases where automatic updates would interfere with the integrity of research, violate support agreements, or interfere with critical application software, exceptions will be granted after review by the Office of Security and Compliance.
2. You must run an anti-virus product and make sure that you update the signature file on a daily basis.
3. You must regularly run an anti-spyware product such as Spybot.
This product is free to use.
Spybot can be downloaded at: www.safer-networking.org.
4. Your workstation must be password protected. All default or blank password entries must be removed.
Use strong passwords that contain a combination of letters, numbers and punctuation marks. Do not record your password and save it in a location near your workstation. Do not share your password with others.
5. Your Kent State workstation must be physically secure.
If you can lock your office during your absence, do so. Keep your laptop locked away in a safe area as often as possible. If possible, secure your workstation with a strong security cable.
6. Use a firewall on your workstation or laptop.
Windows XP (Service Pack 2 or newer), Windows 7, Mac OS X, and most versions of Linux come with one provided.
7. You must use a locking screensaver that requires a password to be entered after a period of inactivity.
If you frequently leave your work area, consider a time-out period of as little as 5 or 10 minutes.
8. Be aware of the data that is on your workstation and what you need to do to properly protect it.
Any datasets that can be accessed from a central server resource should be stored there and not on individual workstations.
You must follow Kent State's guidelines for the use and transmission of student ID numbers.
9. If you have protected or sensitive data on your laptop, delete it or keep it encrypted.
The University has licensed McAfee Endpoint Encryption full-disk encryption software. This software is now available to all Kent State employees for use on university-purchased (Windows) computers.
10. When connecting from remote locations, always use a secure connection such as a VPN or secure wireless channel.
Many free wireless services offer no protection whatsoever. If you need to use wireless on-campus, make sure you are using the University's secure Kent State Wireless network. Also, be sure to use the KSU Cisco VPN when accessing protected information from off-campus.
If you have questions or problems in implementing any of these requirements, you can contact:
- University Helpdesk at 330-672-HELP (4357)
- Support.kent.edu provides 24/7 technology help for students, staff and faculty
- Local Desktop Support
This page is maintained by the Office of Security and Access Management