Personal Computer Security Standard

The College of St. Scholastica
Personal Computer Security Standard

Screen Saver Password

All personal computers will be delivered with the screen saver password configured to activate after 15 minutes of inactivity. 

Data Scrubbing

Scrubbing will be performed on all personal computers when redeploying or at the time of disposal.  Data scrubbing will be performed to the Department of Defense security standard.

Confidential Data

Confidential Data is defined in the Minnesota state statute. It states that confidential data is defined as an individual's first name or first initial and last name in combination with any one or more of the following data elements when either the name or the data elements is not encrypted:

Social security number

·         Drivers license or Minnesota identification card number

·         Account number or credit or debit card number

No confidential data is allowed to be stored on personal computers or portable devices except as described below. 

Portable computers where confidential data may be stored on the hard drive

When confidential data is required for work purposes on portable computers, full encryption will be installed.

A portable computer is defined as a personal computer that is mobile such as a laptop, tablet, netbook, or similar device.

Sample population: Vice Presidents, Admissions Counselors, IT Staff, Extended Campus Staff

Encryption:  Full disk encryption software will be installed on each hard drive prior to use as per IT Security Profile standards.  The encryption software requires an additional password at start up.

Forgotten passwords can be reset by Information Technologies through an interactive process.

USB Devices

Sample devices: thumb drives, i-pods, PDA's

Encryption: All college non-confidential data stored on USB devices will be encrypted and password protected. 

Mobile Phones

No confidential data will be stored on mobile phones

Mobile phones should be password protected if any college data is stored on the device (i.e. College e-mail).  Most phones also have the ability to encrypt the contents on the phone and this should be considered.  If you receive work email on your phone you should contact Information Technologies immediately if the phone is lost or stolen.

Lost or Stolen devices

Information Technologies must be notified immediately of the loss or theft of any device containing college data. 

 

Updated:  April 2010

Point of Contact:  Lynne Hamre, CIO, or Mike Hanson, IT Security