Security Extension to Appropriate Use Policy

Aamusted University Security Extension to Appropriate Use Policy

Section 1: PURPOSE

This Security Extension to the Appropriate Use Policy outlines additional guidelines and standards aimed at enhancing the security posture of Aamusted University’s Information Technology Systems (ITS) resources. It serves to fortify the responsible and acceptable use of technology, ensuring the protection of sensitive data and the integrity of the university’s IT environment.

Section 2: ACCEPTABLE SECURITY PRACTICES

2.1 Password Management:

– Users must adhere to strong password practices, including regular updates and the avoidance of easily guessable passwords.
– Multi-factor authentication is strongly encouraged for an added layer of security.

2.2 Data Encryption:

– Sensitive data, both in transit and at rest, must be encrypted to prevent unauthorized access.

2.3 Endpoint Security:

– University-owned devices must have up-to-date antivirus software, and users are encouraged to employ security measures on personally-owned devices accessing university resources.

2.4 Wireless Network Security:

– Users must connect only to secure and authorized wireless networks.
– Ad-hoc network creation is strictly prohibited to prevent security vulnerabilities.

Section 3: SECURITY INCIDENT REPORTING

3.1 Prompt Reporting:

– Users are obligated to report any suspected security incidents promptly to the IT Security team.

3.2 Collaboration with IT Security:

– Cooperation with the IT Security team during security investigations is mandatory for all users.

Section 4: THIRD-PARTY SOFTWARE AND SERVICES

4.1 Approval Process:

– The use of third-party software or services that involve university data must be approved by the IT Security team to ensure compliance with security standards.

Section 5: REMOTE ACCESS

5.1 Secure Connection:

– Remote access to university resources must be conducted through secure and approved methods, such as Virtual Private Network (VPN) connections.

Section 6: SECURITY AWARENESS TRAINING

6.1 Mandatory Training:

– Users must participate in periodic security awareness training to stay informed about the latest security threats and best practices.

Section 7: COMPLIANCE AND ENFORCEMENT

7.1 Security Audits:

– Regular security audits will be conducted to assess compliance with these security extensions.
– Non-compliance may result in the suspension of IT privileges and disciplinary action.

Section 8: POLICY REVIEW AND AMENDMENT

8.1 Regular Review:

– These security extensions will undergo regular reviews by the Office of Information Technology and CIO to address evolving security challenges.

8.2 Amendment Process:

– Proposed amendments will be evaluated, and revisions will occur when deemed necessary to enhance security measures.