Desktop Security Guidelines
Desktop Security Guidelines
Policy Name: Desktop Security Guidelines
Policy Number: 03-05-015
Version Effective Date: June 15, 2005
Last Reviewed on: January 1, 2019
Policy Applies To: University wide
Responsible Office: Information Technology
INTRODUCTION AND STATEMENT OF PURPOSE
POLICY
In order to facilitate desktop security, the Department of Information Technology (IT) provides the following guidelines:
Activities for support personnel:
- All operating system updates and patches should be applied during the setup of a computer. In addition, the computer should be set up to check for and install updates automatically wherever possible.
- Updates and patches should be applied all campus-wide licensed applications installed on the computer.
- All computers should have the campus-license Enterprise McAfee anti-virus software installed and should retain the setting that schedules regular updates of virus definitions from the central server.
- New computer installation should have activated the built in firewall if available. All users should consider use of a commercial firewall, which offers additional protections not available from free products.
- Whenever possible, security policies should be set at the server level and applied to the desktop machines.
- All machines with Windows 2000 or XP should be checked with the Microsoft Baseline Security analyzer for obvious security holes.
- All compromised machines must be rebuilt by reformatting the hard drive and reinstalling all software and user data.
- When a computer is found to be compromised, ITS will disable network access from that system until it can be rebuilt or the issue corrected.
Activities for users:
- Do not install “freeware” products that install spyware and other malware.
- Periodically check that OS and Anti-virus software is updating correctly.
- Develop and initiate a regular backup strategy to network storage for all university-related documents and data.
- Do not share network access login information or leave logged in computers unattended.
DATE TO INITIATE REVIEW AND UPDATE
As deemed necessary or appropriate by the Policy Coordinator but at a minimum, at least every 5 years from the date of last review.