Skip to main content
Sign in

Information Security Program Sections

  • Updated
  • This article is maintained by the Office of Information Technology

 

Access Management

Only authorized users shall have physical, electronic, or other access to Western Michigan University's data resources. Access shall be limited to users with a business need to know, and limited to the requirements of their job function.

Applicable Policies

Awareness Training

Western Michigan University students, faculty, staff, temporary employees, and when appropriate, contractors and third party users shall receive information security awareness training with regular updates on policies, rules, and procedures, as relevant for their role at the University.

Training programs are in development and are anticipated to be made available soon. These programs will be both presentations based and interactive. Contact your department's IT professional/LAN manager for additional information on security practices and procedures within your unit.

Applicable Policies

Backup and Recovery

Information technology resource administrators shall conduct backups of user-level, application-level, and system-level information commensurate with the assessment level of risk and protect backup information at the storage location. Measures to protect backup media shall be commensurate with the importance and sensitivity of the data and should include physically secured off-site copies as appropriate.

Applicable Policies

Change Management

Units (colleges, departments, schools, etc.) responsible for information resources will ensure they have and follow approved change management procedures that include a security review.

See also:

Applicable Policies

Data Management

Western Michigan University takes measures to protect confidential information that is stored, processed, or transmitted using its computing resources.

Applicable Policies

Disaster Recovery

Western Michigan University shall have, and periodically review, test, and update, a formal, documented disaster recovery plan.

Exceptions

Exceptions to the information security program and any related policies or procedures may be made where costs greatly exceed the risk of non-compliance.

Exception requests are reviewed and analyzed by the Campus Information Security Committee. Exceptions that have been approved will be documented.

Incident Management

Western Michigan University shall have, and periodically review, test, and update, a documented incident response plan that addresses scope, roles, responsibilities, management commitment and coordination among University entities. All students, faculty and staff shall be made aware of the procedures for reporting incidents.

Applicable Policies

Network Security

Access to internal and external networked services shall be controlled, restricted, and protected commensurate with the assessed level of risk. The security of network services shall not be compromised by ensuring that appropriate controls are in place and appropriate authentication mechanisms are applied.

Applicable Policies

Physical and Environmental Security

All units shall physically protect their computing resources. Locks, cameras, alarms, redundant power systems, fire detection and suppression systems and other safeguards, as appropriate, shall be installed to discourage and respond to unauthorized access.

Applicable Policies

Remote Access

Employees who use computing resources or devices to access, create, receive, or transmit University data are responsible for protecting that information. Appropriate procedures regarding confidentiality and privacy of information should be followed at all times, regardless of location, on, or off, campus.

Applicable Policies

Roles and Responsibilities

The security administrator for Western Michigan University is Robert Johnson in the Office of Information Technology.

The information security incident response team is lead by James Gilchrist, Chief Information Officer, and responds to incidents of information security breaches.

All employees of Western Michigan University are responsible for knowing and adhering to best practices of information security.

Applicable Policies

Vendor and Business Services Agreement

Western Michigan University may permit vendors, or other third parties, to create, receive, maintain, or transmit confidential University data when assurances are obtained that the vendor will sufficiently safeguard the information. Departments or individuals using University funds to purchase products that will utilize University technology resources must adhere to the Information Technology Acquisition Policy and submit a product review request to the Office of Information Technology to ensure that the product will work within the University's computing and network architecture.

Applicable Policies

Violations

Non-compliant incidences must be reported to the Security Office who will work with appropriate authorities to resolve the issue. Western Michigan University reserves the right to revoke access to University information resources to anyone who violates information security policies. In addition, violations of policies may result in disciplinary action in accordance with University policy.

The security office may be reached by way of email to oit-security@wmich.edu or by telephone at (269) 387-5430.

 

 

 

 

 

 

 

 

 

 

 

 

Need help?

The Technology Help Desk is available to help you with this topic.

Article feedback

Submit Feedback

Related articles