Information Security Policy 

 

Purpose 

This Information Security Policy outlines the university’s obligations to protect the confidentiality, integrity, and availability of the information that is stored on, processed by, or transmitted through university-provided Information Technology Resources (ITRs), as defined in the Appendix. 

 

Scope 

This policy applies to all university-provided ITRs. 

 

Policy 

Data Classification Policy Linkage 

This policy is directly linked to the Data Classification Policy.  This policy and all associated standards key off the Data Classification Level (Restricted, Sensitive, or Public, as defined by the Data Classification Policy) of the ITRs in question. 

Risk Assessment 

All ITRs will be handled in accordance with the Risk Assessment Policy. 

Awareness and Training 

Annual security awareness training will be provided to all faculty and staff.   

Incident Response 

Any incidents that threaten the confidentiality, integrity, or availability of ITRs will be handled in accordance with the Incident Response Plan.  The Incident Response Plan is not a public document.  Wesleyan faculty and staff can request a copy of the Incident Response Plan from the Chief Information Security Officer. 

Configuration Management 

All ITRs listed in the Configuration Management Table in the Appendix will be configured in accordance with the applicable standard listed in the Configuration Management Table. 

Encryption 

All ITRs classified as either Restricted or Sensitive will be handled in accordance with the Encryption Standard. 

Passwords 

All service accounts used to access ITRs classified as either Restricted or Sensitive will be created in accordance with the Password Standard. 

Cameras 

All networked cameras on campus will adhere to the Networked Camera Policy. 

Badge Access Control 

All access control devices that read university identification cards will adhere to the Badge Access Control Policy. 

Vulnerability Management 

All ITRs classified as either Restricted or Sensitive will be regularly scanned for vulnerabilities in accordance with the Vulnerability Management Policy. Any confirmed vulnerabilities will be addressed in accordance with the Vulnerability Management Policy. 

Exceptions 

All exceptions to this policy require written approval from the Chief Information Security Officer.  All exceptions require annual renewal. 

 

Appendix 

Configuration Management Table 

ITR type | Configuration Standard
Workstation | Workstation Configuration Standard
Server | Server Configuration Standard
Network Equipment | Network Device Configuration Standard
Internet of Things (IoT) device | Internet of Things Configuration Standard
Operational Technology (OT) | Operation Technology Configuration Standard
Networked Camera | Included in the Networked Camera Configuration Policy

 

Definitions and Terms 

Information Technology Resources (ITRs) – This includes, but is not limited to, end-user computing devices, services, networks, email, software, printers, scanners, video distribution systems, telephone systems, fax systems, and other computer hardware and software, whether owned by the university or contracted by the university from a third party. 

 

Revision History 

August 2024 – Policy adopted