Security Policy
In October of 2006, the Board of Regents mandated that each campus develop policies to protect sensitive data. The following section was inserted into the Handbook (Title 4, chapter 1, Section 22):
|
Data Security Policy
It is the policy of the Board of Regents that sensitive data maintained or transmitted by an NSHE institution must be secure. For the purposes of this section, “sensitive data” means any data associated with an individual, including but not limited to social security number and data that is protected by Board policy, or state or federal law.
Each NSHE institution must develop and maintain policies, standards, and/or procedures that describe and require appropriate steps to protect sensitive data that is maintained on an institution's computing devices or transmitted across a public network such as the Internet. Institutional policies must include the requirements for the eradication of data when computers are sent to surplus or repurposed. Institutions must be aware of all areas that data are stored, both physically and electronically, and must audit these areas annually to ensure that sensitive data are retained or destroyed as appropriate. Each institution must maintain policies and procedures to be followed in the event that sensitive data is released inappropriately.
|
The Information Security Office has drafted a set of policies
based on ISO 17799/27001, the international Standard for Information Security.
In order to meet the Regents' mandate, a subset of these policies have been adopted by the University with "Interim" status (pending review by appropriate committees).
UNLV Interim Security Policies (PDF files)
Capstone Policies:
Individual Privileges & Responsibilities
IT Operations & Provisioning
OIT Internal Policies
Best Practices
Handbooks and Procedures
|
