Security Policies

BSD Information Security Policies

The BSD Information Security Office (ISO), UCM and University Information Security Offices have collaboratively developed a set of cyber security policy documents that will direct and guide our Organizations through the new landscape of cyber security threats and regulations. These Policies apply to employees and students of the Organizations, individuals who fall within the definition of “Workforce” of an Organization, and third parties with access to the Organizations’ Information Systems and/or the Organization’s Information Assets (“Covered Individuals”).

For further information or to request assistance, please contact us at security@bsd.uchicago.edu.

| Policy Name | Executive Summary | Policy Status |
|---|---|---|
| Access Control Policy | Access Control Policy Summary | Approved |
| Audit and Accountability Policy | Audit and Accountability Policy Summary | Approved |
| Awareness and Training Policy | Awareness and Training Policy Summary | Approved |
| Configuration Management Policy | Configuration Management Policy Summary | Approved |
| Data Classification Policy and Handling Procedures | Coming Soon | Approved |
| Media Protection Policy | Media Protection Policy Summary | Approved |
| Personally Owned Devices Policy | Personally Owned Devices Policy Summary | Approved |
| Physical and Environmental Protection Policy | Physical and Environmental Protection Policy Summary | Approved |
| Responsibility and Oversight Policy | Responsibility and Oversight Policy Summary | Approved |
| Risk Assessment & Management Policy | Coming Soon | Under Review |
| System and Communications Protection Policy | Coming Soon | Approved |
| System and Information Integrity Policy | Coming Soon | Approved |

 

*After clicking on the Policy, you will receive a prompt to log in with either your BSDAD or UCHAD account. For BSDAD accounts, please log in using the syntax “BSDAD\<username>” and your BSDAD password.

 

BSD Information Security Standards

 

The BSD Information Security Office (ISO) has developed standards to guide a system owner or administrator in reviewing a system configuration and ensuring the system is properly protected. These Standards apply to Systems in the BSD research and academic enterprise, which includes BSD basic sciences, the Pritzker School of Medicine, and various other BSD units engaged in research. System Administrators, researchers and staff with system administration responsibilities are expected to safeguard information and systems they use and/or support. Non-compliance with these standards will result in revocation of access to the data, system, and/or network.

For further information or to request assistance, please contact us at security@bsd.uchicago.edu.

 

| Standard Name | Standard Description |
|---|---|
| STA-01 BSD Minimum Security Standards for Systems | This document defines the BSD minimum security standards required for systems that may be used to access, store or process (input, output, transmit, receive, display, calculate, etc.) information owned and used by the University of Chicago Biological Sciences Division (BSD). |
| STA-02 BSD Security Standards for Databases | This document defines the BSD Security Standards for Databases including Access, Data, Database Applications, and Build and Configuration controls that a database owner or administrator must take to review and ensure that the database is properly protected. |
| STA-03 BSD Security Standards for Networked Printers | This document defines the BSD Security Standards for Networked Printers including Access, Logging and Configuration controls that a printer owner or administrator must take to review and ensure that the network printer is properly protected. |
| STA-04 BSD Password Management Standards | This document defines the BSD Password Management Standards required for configuring and protecting passwords to reduce the risk of account compromise in the Biological Sciences Division. |
| STA-05 BSD IT Asset Inventory and Categorization Standards | This document defines the BSD IT Asset Inventory and Categorization Standards required for identifying and prioritizing BSD information technology assets that contain University information. |
| STA-06 BSD Media Sanitization Standards | This document defines the BSD Media Sanitization Standards required for the secure removal of restricted information from media used to store information owned and used by the Biological Sciences Division. |
| STA-07 BSD Security Standards for Web Applications | This document defines the BSD Security Standards for Web Applications. This standard ensures that web applications used by the Biological Sciences Division are properly and safely developed. |
| STA-08 BSD Vulnerability Management Standards | This document defines the standards required for reducing the risks posed by breaches in security caused by the exploitation of vulnerabilities in the Biological Sciences Division. |
| STA-09 BSD IT Security Exception Standard | This document defines the standards for requesting an IT Security exception to compliance with established Biological Sciences Division information security policies, standards, and procedures. |

 

BSD Information Security Guidelines and Procedures

 

Securing Devices Guidelines 
The purpose of these guidelines is to ensure greater security on individual assets.
  1. GDE-01 Securing a Macintosh Device
  2. GDE-02 Securing a Windows Device
  3. GDE-03 Securing an Android Device
  4. GDE-04 Securing an iOS Device