Security & Policy

Drake University IT policies exist to maintain, secure, and ensure legal and appropriate use of our campus information technology infrastructure and assets and have been developed within a Policy Framework. This framework seeks to place security and privacy in service of each other in order to provide the campus community with a high quality, trusted and secure campus computing environment, and as a means of protecting and securing its physical assets, data, and intellectual property. This Policy Framework and its policies have been developed under the oversight of the IT Security Advisory Board and are reviewed and approved by the President’s Cabinet and the Faculty Senate. A description of each policy is provided below along with a link to each policy document.

  1. Information Security (1.1): This policy establishes practices and security standards to preserve and protect institutional information. This policy incorporates a set of requirements for protecting the university’s computers and networks as well as safeguarding the university’s institutional information.
  2. Responsible Use of Technology Resources (1.2): This policy revises and updates the Acceptable Use of Computer Technology for Faculty and Staff Policy, and Acceptable Use of Computers Technology Policy for Students.
  3. Security of IT Devices (1.3): This policy defines Drake University’s standards to preserve its information technology devices, comply with applicable laws and regulations, and comply with other University or unit policy regarding protection and preservation of data. Toward these ends, faculty, staff, students, and visitors must share in the responsibility for the security of information technology devices.
  4. Authentication to IT Resources (1.4): This policy describes Drake University’s use of electronic identifiers as a requirement to protect its information technology (IT) resources and to adhere to regulations governing the privacy and security of sensitive data, in part, by requiring the use of electronic identifiers and secure passwords to control access.
  5. Network Registry (1.5): This policy supports the creation of a central registry of devices connected to the university network.
  6. Reporting Electronic Security Incidents (1.6): This policy defines prompt and consistent practices for reporting electronic security incidents to protects and preserve Drake-owned electronic assets and resources, and aids in the university’s compliance with applicable law.
  7. Data Stewardship and Custodianship (1.7): This policy defines accountability for the handling of university data.
  8. Stewardship and Custodianship of Email (1.8): This policy describes the way in which the university strives to protect electronic mail from inappropriate access or disclosure in order to enhance the trustworthiness of university information technology systems and comply with relevant regulations, laws, and policies regarding the protection of certain types of data, as well as back-up and retention standards.

4 Things YOU can do to insure Safe & Secure computing:

  1. Be wary of social engineering attempts and do not respond to Phishing: “Phishing” is a common type of email fraud.  A message is sent asking the recipient to reply with personal information.  You may be asked for usernames, passwords, bank and credit cards numbers, social security number, etc. Drake University will NEVER request personal information or passwords via email!
  2. Reset your password regularly. Drake University requires that passwords be reset ever 12 months. In addition, you should not share your password or store it in an insecure place; if you think that your password is compromised you should immediately reset your password and contact the support center.
  3. Keep your operating system updated: Many of the attacks launched against computers succeed by taking advantage of flaws found in the computer’s operating system (OS). These flaws are patched by installing system updates provided by the OS vendor. To help keep a computer protected, the operating system should be configured to download and install updates on a regular basis. Drake owned PC computers are automatically patched via a windows update server. Drake owned macintosh computers should be updated regularly by doing a software update.
  4. Install Anti-virus Software Anti-virus software defends a computer against malicious code. The Drake Acceptable Computer Use Policy states that current anti-virus software is required on all campus computers. Drake pre-installs Sophos anti-virus software on all Drake owned computers.  Sophos anti-virus software scans your computer for known spyware. Sophos is also available for personally owned machines.
  5. Enable Personal Firewall Protection: A firewall can protect a computer against hackers and other security attacks. The latest versions of Windows and the Macintosh operating systems have built in firewalls.

Current published policies: DTS is currently revising its policy library to adopt a standardized format and approval process. Please contact the Chief Information Officer if you would like to discuss any of the policies listed below or if seeking clarification on any specific policies.

Drake Web Policy