LUTC Physical Workstation Security Measures
The purpose of these measures is to provide guidance for physical workstation security for Lincoln University workstations in order to ensure the security of information on the workstation and information the workstation may have access to. Additionally, these measures provide guidance to ensure the requirements of FERPA pertaining to Personally Identifiable Information (PII) protection and are meant to further enforce the security guidelines of the University’s Rules and Regulations and the University’s Acceptable Use Policy.
These measures apply to all Lincoln University users including, but not limited to, employees, contractors, workforce members, vendors, student workers and agents with a Lincoln University owned or personal workstation connected to the Lincoln University network.
3.0 Appropriate measures
Appropriate measures must be taken when using workstations to ensure the confidentiality, integrity and availability of sensitive information, including personally identifiable information (PII), and that access to sensitive information is restricted to authorized users.
3.1 Users using workstations shall consider the sensitivity of the information, including personally identifiable information (PII), that may be accessed and minimize the possibility of unauthorized access.
3.2 Lincoln University will implement physical and technical safeguards for all workstations that access electronic personally identifiable information (PII) to restrict access to authorized users.
3.3 Appropriate measures may include, but are not limited to:
- Restricting physical access to workstations to only authorized personnel.
- Securing workstations (screen lock or logout) prior to leaving the area to prevent unauthorized access.
- Enabling a password-protected screen saver with a short timeout period to ensure that workstations that were left unsecured will be protected.
- Complying with all applicable password policies and procedures.
- Ensuring that only authorized and business appropriate software is installed on workstations.
- Storing all sensitive information, including personally identifiable information (PII), on network servers or within secured applications such as Colleague.
- Securing laptops that contain sensitive information by using cable locks or by locking laptops up in drawers or cabinets.
- Running Anti-virus software.
- Ensuring that monitors are positioned away from public view. If necessary, install privacy screen filters or other physical barriers to prevent public viewing.
- Complying with all other policies and procedures such as the Lincoln University Employee Handbook, the Acceptable Use Policy (http://www.lincolnu.edu/web/oit-help-desk/lincoln-university-acceptable-use-policy-for-computing-and-network-services), and the University’s Rules and Regulations Chapter 1.48 (http://www.lincolnu.edu/web/178980/rules-and-regulations).
Any employee found to have violated these measures or the intent of these measures may be subject to disciplinary action defined within the Employee Handbook.
Personally Identifiable Information (PII): information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual.
Unencrypted electronic information that includes an individual’s first name or initial and last name, in combination with any one or more of the following:
- Social Security number (SSN).
- Driver’s license number or State-issued Identification Card number.
- Financial account number, credit card number*, or debit card number in combination with any required security code, access code, or password such as expiration date or mother’s maiden name that could permit access to an individual’s financial account.
- Medical information (any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional).
- Health insurance information (an individual’s health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the individual, or any information in an individual’s application and claims history, including any appeals records).
Workstations include: computers, laptops, desktops, tablets, pads and mobile devices containing or accessing student information and authorized home workstations accessing the Lincoln University network.
Users: Any person using Lincoln University computing resources. This includes, but is not exclusively limited to, employees, volunteers, contractors, student workers, and students.
6.0 Revision History
- 11/12/12 – Draft Submitted to LUTC Security Subcommittee.
- 11/13/12 – v.2 Edits for consistency with AUP.
- 02/06/13 – v.3 Edits to emphasize measures to be taken and enforcement guidelines.
- 03/21/13 – Document approved by LUTC for submission to the President’s Office.
- 10/16/13 – President’s Office approval.