Enterprise Security Controls Policy | Information Technology | University of Pittsburgh

Enterprise Security Controls Policy

Electronically stored academic, administrative, and research information is a critical University resource. Threats from computer hackers, malicious software, and attempts to steal sensitive information jeopardize the confidentiality and integrity of this resource. The consequences to the University from a compromise of our electronic data could be widespread and damaging.

The Enterprise Security Controls solutions comprise a specific set of technologies, including firewalls, email, and web services, that significantly reduce security vulnerabilities.

Enterprise Network Firewalls

Enterprise Firewall Services use network firewalls, which provide the highest level of protection from internet-based attacks. Network firewalls control network access to services on protected University computers. They also help monitor network activity that may be malicious. Network firewalls are required by several Federal regulations, including HIPAA, GLB, and others.

Enterprise Email

The enterprise email system, Pitt Email (Outlook), offers powerful, redundant hardware and software that permits a high level of reliability, standard email backup and retention policies, an Enterprise Spam and Virus Filter, and strictly monitored security controls.

Enterprise Web Services

Enterprise Web Services offer web hardware and software for hosting University websites, with closely monitored security controls and a high level of availability through redundancy.

Optional Hosting Service

Pitt IT provides a hosting service for unit-operated servers at its highly secure and closely monitored RIDC computer facility. A very reasonable cost model has been implemented to recover the cost of providing the service at RIDC. This is a very cost-effective and highly secure solution for securing departmental servers that contain sensitive data.

Policy

All departments are required to use enterprise email, web services, and firewalls.

  • Departments and University units are required to use the Pitt Email (Outlook) service. Independent email services are not permitted.
  • Departments and University units are required to use network firewalls installed and operated by Pitt IT. Supplemental software (host-based) firewalls are permitted and encouraged.
  • All University websites must be housed on the Enterprise Web Service. Departments, University units, and individuals are not permitted to maintain independent web servers. Two kinds of systems may be excluded from this requirement: web-enabled applications in which the application webpages are not separable from the application code, and web servers used solely to teach students how to manage websites.

Departments are encouraged to consider using the optional server hosting service if their servers contain sensitive data or data that would benefit from a more secure location. This service also relieves departments of the need to maintain server hardware and software.

For more information or to request access to these services, contact the 24/7 Help Desk at 412-624-HELP (4357) or submit a request online.

References

University Policy 10-02-06, University Administrative Computer Data (UACD) Security and Privacy (PDF)

Security Controls Memorandum, May 3, 2007 (PDF)