Skip to main content Skip to main content

Device Security

Information and Information Technology


Contents


Policy Statement

The purpose of this policy is to ensure that all devices used to process, transmit, or store data associated with Metropolitan State University of Denver computing systems are appropriately secured.

Institutionally Issued Devices

Devices issued by MSU Denver will be configured with certain security configurations and security applications. These devices may include disk encryption, virus protection, built-in firewalls, and other features. These security applications and settings must not be altered by end users without authorization from IT Services.

Mobile Devices

Mobile devices, including but not limited to, smart phones, personal digital assistants, mobile readers, laptops, and portable storage devices may be used to connect to MSU Denver computing systems. These devices must be appropriately secured and must never be used to store confidential information such as Social Security Numbers (SSN) or credit card numbers.

Personally Owned Devices

Personally owned devices may be used to connect to MSU Denver computing systems. These devices must be appropriately secured and must never be used to store University confidential information, such as Social Security Numbers (SSN) or credit card numbers.

Network Devices

MSU Denver networking systems are to be installed and maintained by MSU Denver IT Services Networking administrators. Unauthorized installation or use of networking devices such as wireless access points, network switches or routers, or other devices can interfere with MSU Denver Networking systems, and is therefore prohibited. Unauthorized devices found to be connected to MSU Denver networks may be disabled, disconnected, and/or confiscated if they are found to be inappropriately installed.


Background and Purpose

Background: MSU Denver's information security policies were created by the IT Strategic Oversight Committee (ITSOC) Information and Instructional Technology Policies Subcommittee and reviewed by the University’s Policy Advisory Committee. Review of these policies will be made on an annual basis, with any changes or additions being submitted through the University’s policy review and approval process.

Purpose: MSU Denver’s information security policies are focused on protecting critical data and information systems of Metropolitan State University of Denver from loss, damage, or inappropriate modification or disclosure. The policies contained in this document are designed to ensure that the University adheres to security standards commensurate with the data and systems referenced, while maintaining appropriate functional access for students, faculty, and staff.

Scope: These policies apply to all individuals, including students, faculty, and staff, provided access to University data and information technology systems. Contractors and otherwise affiliated individuals must agree to abide by the information security policies before accessing university systems and data. Role-based policies and procedures that apply to specific groups of users will be provided when applicable, in accordance with functional requirements and data classification.


Roles and Responsibilities

Approval Authority: President

Responsible Executive: Chief Information Officer

Responsible Administrator: Chief Information Security Officer

Responsible Office: Information Technology Services

Policy Contact: IT Services, msudenver.edu/technology, 303-352-7548


Enforcement and Reporting

Adherence to Information Security Policies is mandatory and may be based on State or Federal statute, contract language, or information security standards. These policies are not intended to unreasonably interfere with system utilization. Individuals should contact the IT Services Help Desk to report security risks, violations of policy, or to make requests for exceptions or amendments to the policies. The Chief Information Security Officer (CISO) and other IT Services staff will respond to all reported security issues and will work with the policy subcommittee to allow for development of appropriate updates to policies. Violations of these policies may result in fitting administrative action up to and including revocation of system privileges, employee termination, or student expulsion.

Information about the Information and Instructional Technology Policy subcommittee is available on the IT Governance website.


Policy History

Effective: July 1, 2017


Related Information


Edit this page