IT Security Policy

Purpose: To establish the security requirements that all individuals associated with Pittsburg State University are expected to understand and consistently follow. These measures are critical to ensuring the Confidentiality, Integrity, and Availability (CIA) of the university’s information and systems.

Applies to: All individuals issued PSU credentials or authorized to access PSU systems. Any device owned by PSU or used for university business, including devices that obtain an Internet Protocol (IP) address from the PSU network.

Statement:
Pittsburg State University (PSU) will implement security measures to ensure the privacy of information, prevent unauthorized access to systems, and protect against unauthorized modification of information. These security measures are supported by the enterprise information technology security requirements set forth in the State of Kansas Information Technology Executive Council (ITEC) 7000-P Series Security Policies and the Kansas Board of Regents (KBOR) Information Technology Security Policy.

Policy:

Responsibilities

All Users

All users should report any unauthorized access attempts or suspicious activity to the ITS Information Security Officer at itsecurity@pittstate.edu.

Information Technology Services (ITS)

• Evaluate and mitigate threats to information resources, including taking necessary actions such as disconnecting devices from the PSU network.
• Investigate and respond to security incidents in alignment with established procedures.
• Conduct regular risk and vulnerability assessments in coordination with internal audit teams.
• Define and enforce security specifications and standards for devices connected to the PSU network, including maintaining current operating system patches and anti-virus software.
• ITS staff must sign an ITS Employee Confidentiality Agreement and comply with all security policies.

Authorized Users

Authorized users share responsibility for information security by adhering to all security policies and procedures.

Policy Compliance

Exceptions and Variances

Deviations from this policy require prior approval by the Information Security Officer, verified by the Chief Information Officer (CIO), and in accordance with the KBOR Information Security Policy Exception procedures.

Consequences of Non-Compliance

• Faculty, Staff, and Student Employees: Subject to disciplinary actions based on employment processes.
• Students: May face non-academic misconduct proceedings.
• Affiliates: Risk discontinuance of IT services.

Supporting Standards and Training

This policy is reinforced through detailed standards documents and mandatory annual security awareness training for faculty, staff, student employees, and contingent workers.

Contact for Reporting and Assistance

All security-related concerns or policy violations should be reported to ITS at itsecurity@pittstate.edu.

You can find all university IT Security policies at our main page.

This policy is essential to maintaining a secure and reliable environment for Pittsburg State University to fulfill its mission and ensure the safety of its data and systems.