Marquette University relies heavily on computer systems to meet its educational, financial, and operational requirements. It is therefore imperative that computer data, hardware, networks and software be adequately protected against alteration, damage, theft or unauthorized access.
The purpose of this policy is to establish requirements which must be met to ensure the security of Marquette University’s electronic information.
Marquette University will protect its information assets, including its networks, by controlling authorized access, creating logical and physical barriers to unauthorized access, configuring its hardware and software to protect its networks and applications, and by monitoring network activity. These measures will apply to each employee, student, contractor, business partner or other third party who connects to a Marquette network or other information asset. This includes a connection through remote access.
Only authorized individuals may access a Marquette University information asset. Access will be granted according to business or academic need after proper system approval by the University unit that is responsible for the data or system to which access is requested. Confidential or sensitive University data may only be stored on assets owned by Marquette University.
Marquette University will design its network architecture and applications to limit user access to only those systems or data required to meet an academic or business need. Marquette University will secure data centers, switch rooms and other sensitive sites against unauthorized physical entry, and will employ “demilitarized zones” or other hardware configurations to control access, including remote access, to Marquette’s networks, applications or other information assets.
Marquette University will configure its hardware and software to eliminate known security vulnerabilities and will apply vendor-produced software patches promptly. It will filter and scan incoming messages and files for viruses, worms or other malicious programs.
Marquette University will use change control management tools to monitor, evaluate and record alterations to an existing production environment, e.g., a change to program code or a configuration change to software or hardware. The degree of review the change receives will be determined by its impact on other Marquette University information systems or users.
Marquette University will further protect its data and networks by backing up data according to industry-accepted standards. As required, Marquette University will create and maintain redundant systems, and plan appropriate measures to recover its information assets from disaster or other significant interruption of service.
Marquette University will use intrusion detection technology, engage outside consultants to perform security reviews and identify and assist Data Owners with their review of access to financially or otherwise significant university systems. Marquette University will investigate identified exceptions to this policy and report such exceptions to appropriate offices as required.
Information asset. In this policy, an information asset is hardware, software, or a system comprising hardware and software, owned, controlled or used by Marquette University.