Introduction
The College of Engineering will implement and maintain a network and endpoint security program that meets the expectations of UW-Madison and UW-System policies and our partners. We intend to find a balance among competing interests of security, flexibility, and availability for all endpoints connected to the College of Engineering network.
Scope
This policy applies to any device, virtual or physical, used to conduct UW-Madison College of Engineering related business, that connects to the managed network and/or is used to access, manage, process, or store data. Devices include endpoints purchased or obtained through UW-Madison and personally owned devices that are used to conduct the work of the College of Engineering.
Purpose
The purpose of this policy is to establish the parameters for information technology security and access. This policy also provides guidance regarding the physical and logical access to, and security of, data and information technology systems.
Policy
- Security implementations will be executed in the best interest of the entire College of Engineering.
- All endpoints used for College of Engineering business will be either managed, monitored, or have a documented and approved mitigation plan.
- Each user of an endpoint will be given the least privilege necessary for their work.
- All security-related events will be logged and retained according to policy and partner agreements.
- A framework and process will be used for reviewing and documenting exceptions.
- The College of Engineering reserves the right to suspend network access to preserve the integrity of data and systems connected to the network.
Goals
- To protect the College of Engineering’s network and its computing resources from exploitation or compromise by persons or software, whether internal or external to the College.
- To protect the College of Engineering’s intellectual property from unauthorized access, alteration, theft, or deletion. Intellectual property includes research data and data that are protected by local, state, or federal laws or regulations as well as information that is protected by copyright, license agreements, or non-disclosure agreements.
- To provide network services that allow for the secure transmission of data with the expectation that the data will not be altered or tampered while en route to or from a college-controlled resource.
- To provide reliable network services to all customers of the College of Engineering network with a minimum of unplanned outages.
- To maintain complete records of all equipment connected to the college network. The records will facilitate prompt notification to customers of potential security deficiencies with their systems and notification to customers of planned network interruption arising from system upgrades or containment of security breaches.
References
Electronic Devices Connected to the Network Policy
UW System Administrative Policy 1036, Endpoint Protection
UW System Administrative Policy 1036.A Information Security: Endpoint Protection Standard
Restricted Data Security Management Policy
Responsible Use of Information Technology Policy