These guidelines, published in March 2009, were developed with the input and support of the Senate Information Technology Committee and the Security Community of Practice. The guidelines will continue to evolve as new risks emerge.
These guidelines are intended to:
|All Users||Laptop & Desktop||A1. Antivirus and Anti-Spyware|
|All Users||Laptop & Desktop||A2. Security Updates and Patches|
|All Users||Laptop & Desktop||A3. File Sharing and Remote Access|
|All Users||Laptop & Desktop||A4. Secure Data Deletion and Destruction|
|All Users||Laptop & Desktop||A5. Encryption|
|All Users||Laptop & Desktop||A6. Physical Computer Locking|
|All Users||Laptop & Desktop||A7. Account Passwords|
||Laptop & Desktop||A8. Operating System Accounts|
|All Users||Passwords||B1. NetID Password Hijacking|
|All Users||Passwords||B2. Sharing Your Personal NetID Password|
|All Users||Passwords||B3. Password Changes|
|System Administrators||Servers & Network||C1. Physical Location of Servers|
|System Administrators||Servers & Network||C2. Active Services and Open Ports|
|System Administrators||Servers & Network||C3. Backups|
|System Administrators||Servers & Network||C4. Firewalls|
|System Administrators||Servers & Network||C5. Remote Access|
|System Administrators||Servers & Network||C6. Physical Location of Network Devices|
|Department Heads||Systems & Applications||D1. System Assessments|
|Principal Investigators||Systems & Applications||D1. System Assessments|
|Department Heads||Systems & Applications||D2. Permissions|
|Principal Investigators||Systems & Applications||D2. Permissions|
|Information Stewards||Systems & Applications||D2. Permissions|
|Department Heads||Confidentiality Agreements||E1. Queen's Employee Requirements|
|Principal Investigators||Confidentiality Agreements||E1. Queen's Employee Requirements|
|Department Heads||Confidentiality Agreements||E2. Third-party Requirements|
|Principal Investigators||Confidentiality Agreements||E2. Third-party Requirements|
|All Users||Security Incidents||F1. Actual or Suspected Unauthorised Access|
|All Users||Peripherals||G1. Multifunction Devices|
These guidelines are provided to assist in planning and operational decision-making. In some cases it may be difficult to alter system planning and implementation decisions to comply with these guidelines. Where there is risk that personal and confidential information or systems security may be compromised, modifications will be necessary.
Either the head of the department or the principal investigator of a research group will be responsible for ensuring that all employees are aware of and are working within policy and recommended practices for safeguarding personal and confidential information.
EISG Reference Materials (PDF, 531 KB)
Please contact the Information Systems Security Office.