100 likes | 253 Views
IT Security Policies at K-State. Harvard Townsend Interim University IT Security Officer harv@k-state.edu 532-2985 College Court 114. Security Policies. Security Policies. K-State IT Policies: www.k-state.edu/vpast/itpolicies/ Security included in many New security-related policies:
E N D
IT Security Policies at K-State Harvard Townsend Interim University IT Security Officer harv@k-state.edu 532-2985 College Court 114 Dept Security Contacts Training
Security Policies Dept Security Contacts Training
Security Policies • K-State IT Policies: • www.k-state.edu/vpast/itpolicies/ • Security included in many • New security-related policies: • Desktop search tools (PPM 3485) • Extensive revision of PPM 3430 • Future policies per IT security audit Dept Security Contacts Training
Drivers for Policy Changes • IT security audit • Trend Micro purchase • Update antiquated procedures/policies • Address new threats Dept Security Contacts Training
Audit • Legislative Division of Post Audit • K-State, KU, Emporia State • Winter-spring 2004-2005 • Report April 2005 • Two reports – public and private • Set of recommendations, most of which have major policy and procedure implications Dept Security Contacts Training
PPM 3485 “Protecting Sensitive Data by Desktop Search Products” • Prompted by Google Desktop “Search Across Computers” feature in new release • Passed by IRMC spring 2006 • Can’t run Google Desktop if have sensitive data on the computer • Cannot use search across computers feature • Applies to other desktop search tools Dept Security Contacts Training
Update to PPM 3430 • Nearly a complete rewrite • Extensive review by Faculty Senate, IRMC • IRMC passed on Sept. 21, 2006 • Is in final review/approval process • Already interim policy Dept Security Contacts Training
Other Security Policies • PPM 3495 “Collection, Use, and Protection of Social Security Numbers” • PPM 3415 “Information Security Plan” (GLB) • PPM 7010, section .430 “Intellectual Property Rights” • PPM 7010, section .440 “Data Access and Retention” • PPM 3060 “Kansas Open Records Act” • PPM 3090 “Retention of Records” Dept Security Contacts Training
IT Policy Procedure • Now on web in vpast/itpolicies • IRMC reviews, revises • Faculty Senate, Dean’s Council, CITAC comments/signature • Executive Computing Committee approves • Published on vpast/itpolicies and PPM • Interim policies possible Dept Security Contacts Training
Questions? Dept Security Contacts Training