| TITLE: Information Security | ID: |
| ORIGINATOR: Information Security Office | DATE: Jan 5, 2005 |
| REVIEWED: President's Council | DATE: Feb 16, 2005 |
| APPROVED: Raymond S. Greenberg, MD, PhD | DATE: Feb 16, 2005 |
| IMPLEMENTATION: Enterprise-wide | DATE: Feb 16, 2005 |
Please refer to MUSC Information Security Rationale: The Need for Safeguards for an overview of the legal and ethical considerations that have motivated the development of this policy. The following laws and regulations have particular relevance:
Only MUSC's faculty, staff and students are authorized to connect devices to MUSC's campus network. Any device that is connected to MUSC's network must be configured, maintained and operated by its designated Owner in accordance with the minimum security and connectivity standards set by MUSC.
MUSC faculty, staff and students are the only persons authorized to connect computing and/or communication devices to MUSC's campus network. A device may be connected by one of these authorized users if and only if the device has been configured, and will be maintained and operated, in accordance with the minimum standards referenced in this document.
Visitors and guests on the MUSC campus, including vendors and contractors, may not connect any device to the MUSC network without explicit authorization from a member of the MUSC faculty or staff.
No device may be connected to MUSC's campus network unless an Owner has been designated for the device. The device's designated Owner is responsible for ensuring that the device is configured, maintained and operated in accordance with the minimum standards referenced in this document.
For any device connected by an MUSC faculty or staff member, or by an MUSC student, the individual who connects the device is held accountable as the Owner of the device, unless a different Owner has been designated.
For any device connected to the network by a visitor or guest of MUSC, the MUSC faculty or staff member who authorizes the connection is held accountable as the Owner of the device.
For any device connected to the network by a contractor, accountability for the device must be established by contractual terms.
MUSC may deny network connectivity to any device that does not meet the minimum standards referenced in this document. MUSC may remove (disconnect or quarantine) any device from the network in the event that the device is interfering with other devices or resources on the network, or the device's presence on the network creates unacceptable security risks for MUSC.
Before any device may be connected to the network, the device's designated Owner must ensure that the device itself is protected against any reasonably anticipated security threats. In addition, the Owner is responsible for ensuring that adequate safeguards are in place to protect against any reasonably anticipated threats that the device, or any persons or agencies with access to the device, might pose to MUSC's network, or to any information resource accessible through MUSC's network. At a minimum, all applicable MUSC standards documents should be consulted prior to connecting any device to MUSC's network.
This policy will be maintained and published electronically by the Information Security Office. This policy is a public document and there are no restrictions on its distribution.