Institutional Computer Security Compliance

OVERVIEW OF SERVICE

The Drexel University Information Security Requirements (ISR-2) for Institutionally-Owned Computers outlines mandatory security practices to protect university data and systems.

DESCRIPTION & FEATURES

Device Configuration

• All institutionally-owned computers must be configured according to Drexel IT standards.
• This includes proper installation of operating systems, security patches, and approved software.

Authentication

• Devices must use secure authentication methods, such as Drexel credentials.
• Passwords must meet complexity and expiration requirements.

Encryption

• Approved antivirus software must be installed and regularly updated.
• Devices must be scanned periodically to detect and remove threats.

Firewall and Network Security

• Firewalls must be enabled and properly configured..
• Devices must connect through secure networks and use VPN when accessing Drexel resources remotely.

Physical Security

• Devices should be physically secured to prevent unauthorized access.
• Devices must connect through secure networks and use VPN when accessing Drexel resources remotely.

Monitoring and Auditing

• Drexel IT may monitor devices for compliance.
• Logs and audit trails must be maintained for accountability.

Incident Response

• Any security incidents must be reported immediately to Drexel IT.
• Devices involved in breaches may be quarantined or removed from the network.

ADDITIONAL INFORMATION

Computers owned or managed by or on behalf of Drexel must operate with all required software and in the required manner described within ISR-2 or within the requirements of individually approved Exception Requests granted by the office of the Chief Information Security Officer.