Department of Information Technology
Office of Information Security

Title: Access Control Policy

Purpose and Objectives

It is the purpose of this document to establish policy, provide guidance, and set forth the basic principles to be followed in the administration of access controls for information assets. This Access Control Policy reflects the College’s goals for managing access to information assets according to a standard of due care. The IT department will implement a balance of physical, technical, and administrative access controls in line with other restructured institutions of Higher Education in the Commonwealth of Virginia.

Scope

This Access Control Policy governs the following types of access:

· Logical access to the network, general IT services, Sungard HE enterprise applications, and access to server operating systems, applications and configuration files;
· Physical access;
· Remote access to IT systems and services.

Policy

Access to information assets and processing facilities will be managed and controlled using a combination of preventive and detective physical, technical, and administrative access controls.

Logical access to the College’s network, applications, and data will be granted on a need-to-access basis as required by an individual’s job role and responsibilities. Requests for group accounts or affiliate accounts will require additional review and stricter limitations. All requests for access will be reviewed by the appropriate IT staff member and/or system owner. Account audits will be performed periodically and regularly. Audit results will be reviewed and acted upon appropriately.

Physical access to IT facilities housing information systems classified as highly sensitive will be protected using electronic key cards and alarms. Periodic and regular audits of key card holders will be conducted and reported to the Information Security Office. Guest access will require an IT staff member to sponsor the guest and log the activity.
Facilities housing non-sensitive IT systems will be protected using lock and key security controls. Access to the Jones Hall IT facility requires approval by the Director of Systems and Support. Access to the Blow Hall IT facility and all other network closets requires approval by the Network Manager. Key card audits will be performed periodically and regularly. Audit results will be reviewed and acted upon appropriately.

Procedures

For detailed procedures and standards supporting this policy refer to the following:

· Physical and Environmental Security Standard
· WM Account Standard
· INB Account Standard
· Application and OS Access Control Standard
· Remote Access Control Standard
· Network Access Control Standard

Definitions

Revisions

Version: 06012008
Author: Pete Kellogg, ISO
Notes:
Date: 6-1-2008

Approvals

Name of reviewer: Courtney Carpenter
Title: Chief Information Officer
Signature:
Date: 8-1-08