Understanding the Enterprise Security Controls Policy

Overview

Electronically stored academic, administrative, and research information is a critical University resource. Threats from computer hackers, malicious software, and attempts to steal sensitive information jeopardize the confidentiality and integrity of this resource. The consequences to the University from a compromise of our electronic data could be widespread and damaging.

The Enterprise Security Controls solutions include a specific set of technologies to significantly reduce security vulnerabilities, including firewalls, email, and web services.

Detail

 

Enterprise Network Firewalls

Enterprise Firewall Services utilize network firewalls which provide the highest level of protection from internet-based attacks. Network firewalls control network access to services on protected University computers. They also help monitor network activity that may be of a malicious nature. Network firewalls are required by several Federal regulations, including HIPAAGLB, and others.

 

Enterprise Email

The enterprise email system, Pitt Email (Outlook), offers powerful, redundant hardware and software. Pitt Email (Outlook) has a high level of reliability, standard email backup and retention policies, an Enterprise Spam and Virus Filter, and strictly monitored security controls.

 

Enterprise Web Services

Enterprise Web Services offer web hardware and software which include closely monitored security controls and high level availability through redundancy to host University websites.

 

Optional Hosting Service

Pitt IT provides hosting service for unit-operated servers at its highly secure and closely monitored RIDC computer facility. A very reasonable cost model has been implemented to recover the cost of providing the service at RIDC. This is a very cost effective and highly secure solution for securing departmental servers that contain sensitive data.

 

Policy

All departments are required to use enterprise email, web services, and firewalls.

  • Departments and University units are required to use the Pitt Email (Outlook) service. Independent email services are not permitted.

  • Departments and University units are required to use network firewalls installed and operated by Pitt IT. Supplemental software (host-based) firewalls are permitted and encouraged.

  • All University websites must be housed on the Enterprise Web Service. Departments, University units and individuals are not permitted to maintain independent web servers. Web-enabled applications in which the application webpages are not separable from the application code and web servers used solely to teach students how to manage websites may be excluded from this requirement.

If the servers contain sensitive data or data which would benefit from a more secure location, departments are encouraged to use the optional server hosting service. This service also relieves departments of the need to maintain server hardware and software.

For more information or to request access to these services, contact the Technology Help Desk at 412-624-HELP (4357) or submit a request online.

Related Information

 

University Policy AO 35 University Administrative Computer Data Security and Privacy (formerly 10-02-06)

Security Controls Memorandum, May 3, 2007 (PDF)

Request Help

Details

Article ID: 63
Created
Tue 7/18/23 1:05 PM
Modified
Tue 2/13/24 1:17 PM

Related Services / Offerings (1)

Security Awareness and Training (KnowBe4)
SECURITY CONSULTING AND EDUCATION KnowBe4 provides security awareness resources to train, promote and reinforce information security best practices.