Richman Investments’ Remote Access Security Standard defines required tools and practices to ensure that faculty and staff can access data from remote locations in a secure manner. Company data, which is fully defined in the Information Security Standard, can generally be grouped into three, broad categories:
1. Confidential Data: This category includes the most sensitive data (ex: Social Security numbers) and requires special protection.
2. Enterprise Data: This category also includes sensitive information (ex: business records) that must be protected.
3. Public Data: This information is generally widely disseminated and can be accessed with higher levels of security protection.
Different security requirements apply to each of the categories of data. The objective of the company’s security standards is to keep company data on internal, secure systems whenever possible and apply high levels of security in the rare cases when sensitive data must be moved out of internal systems.
Level 1 Minimum Computer Security Requirements:
The requirements below apply to all computers that are used to access company data from remote locations. Faculty and staff who only need to meet these minimum requirements include those who only need SU “public” services. Such services include www.syr.edu and other public web sites, Myslice “self service” functions, Outlook/Exchange e-mail, and departmental Terminal Servers, among others. Terminal server is easy to use and enables all company data to remain on internal, secure systems.
At a minimum, all remote computers must:
• Be built and maintained by the employee or by Richman IT staff. Company employees should not access company data from public workstations, Web cafes, kiosks, etc. Such public machines are not secure and may result in employees’ login credentials (NetID and password) being compromised.
• Computers must be