Purpose
An academic health center creates, processes and manages sensitive
materials each day. The data and systems created and managed are proprietary,
and as such must be secure from inappropriate use and intrusions. The
purpose of this policy is to establish security requirements for all
computer systems and data and provide an accountability framework for
users. Violations of this policy and its procedures are a serious offense
and appropriate disciplinary actions will be taken.
Resources Covered
- Central computer network via campus or remote access
- All software programs and systems
- All data maintained in active or archived files
Groups Covered
- Full-time, part-time and volunteer faculty, administrative and support
  staff
- Emeritus faculty
- Full-time and part-time students
- Affiliated campus corporations or non-profit groups
- Other groups and organizations relying on kumc.edu as a host through
  contractual relationships.
Definitions
- Information Resources: Computer systems, equipment, software and data.
- KUSM-W: All academic and support units, and related organizations
  and corporations using the central computer network.
- Network: Computers and associated devices connected to the
  Medical Center’s central communications line.
- System: Computer that provides services to multiple users
  or other computers.
- User: Anyone who accesses the Medical Center’s network,
  computer systems or data.
- Certified Computer: Server or workstation configured and
  tested to meet specific security requirements.
Procedures
Information Technology will establish the following levels of security.
Physical
- Access to control centers will be regulated at all times.
- Building wiring will be concealed and access portals locked.
- Obsolete computer equipment will be disposed of through IT Services.
Network
- All network equipment and software will be installed and maintained
  by IT Services. Users may not install hubs, wireless access points,
  terminal services, or other equipment that extends the network nor
  may they access, alter, remove, connect to, or otherwise tamper with
  any equipment managed by IT Services.
- Programs that interfere with proper network operation or that create
  substantial interference or risk will not be allowed.
- Traffic matching specific reconnaissance, intrusion or virus patterns
  will be prevented from entering or exiting the network.
- Wireless access will be permitted only for registered computers.
- Remote access to networked systems and devices will be permitted only
  as specified in the Remote Access Security Policy.
Workstations
- McAfee anti-virus, ePolicy Orchestrator, and TrackIT remote support
  software will be active on workstations connected to the network.
- Workstations will be protected from the Internet by a firewall.
- IT Services staff will certify workstations that access Protected Health
  Information (PHI) or student financial data.
Data
- Backups will be performed according to schedules determined by type,
  sensitivity, importance, and value.
- Encryption will be applied based on type, sensitivity, importance and
  value.
- The record retention schedule will govern the storage of data.
- Protected Health Information (PHI) and student financial data will
  be safeguarded in compliance with HIPAA and the Gramm-Leach-Bliley Act.
User
- Access to systems and data will be granted on a need-to-know or need-to-use
  basis using appropriate passwords and supervision.
- Access will be immediately terminated when a user separates from the
  Medical Center. Inactive accounts will be disabled or deleted after
  review.
- Employees will complete annual Computer Security Awareness Training.
Limitations
Appropriate measures will be taken to protect the security of KUSM-W
information resources. Nevertheless, KUSM-W cannot fully guarantee
the integrity, availability and/or confidentiality of its resources
from unauthorized modification, destruction or disclosure.
Related Documents
http://wichita.kumc.edu/nts/policies.html
Contact Information
For information on this policy, please contact:

Tom Knapp
Director for Information Technology
Manager for Educational Technology
University of Kansas, School of Medicine - Wichita
1010 N. Kansas
Wichita, Kansas 67214-3199
(316) 293-3462

Penni Smith
Assistant Director, Information Technology Services
University of Kansas, School of Medicine - Wichita
1010 N. Kansas
Wichita, Kansas 67214-3199
(316) 293-3505