Electronic Information Security Guidelines (EISG)

These guidelines, published in March 2009, were developed with the input and support of the Senate Information Technology Committee and the Security Community of Practice. The guidelines will continue to evolve as new risks emerge.

These guidelines are intended to:

1. help the Queen’s University community understand the risks inherent in using and managing electronic information; and
2. recommend measures and practices that can help to safeguard the security of information in electronic form.

Applicable To	Category	Title
All Users	Laptop & Desktop	A1. Antivirus and Anti-Spyware
All Users	Laptop & Desktop	A2. Security Updates and Patches
All Users	Laptop & Desktop	A3. File Sharing and Remote Access
All Users	Laptop & Desktop	A4. Secure Data Deletion and Destruction
All Users	Laptop & Desktop	A5. Encryption
All Users	Laptop & Desktop	A6. Physical Computer Locking
All Users	Laptop & Desktop	A7. Account Passwords
All Users	Laptop & Desktop	A8. Operating System Accounts
All Users	Passwords	B1. NetID Password Hijacking
All Users	Passwords	B2. Sharing Your Personal NetID Password
All Users	Passwords	B3. Password Changes
System Administrators	Servers & Network	C1. Physical Location of Servers
System Administrators	Servers & Network	C2. Active Services and Open Ports
System Administrators	Servers & Network	C3. Backups
System Administrators	Servers & Network	C4. Firewalls
System Administrators	Servers & Network	C5. Remote Access
System Administrators	Servers & Network	C6. Physical Location of Network Devices
Department Heads	Systems & Applications	D1. System Assessments
Principal Investigators	Systems & Applications	D1. System Assessments
Department Heads	Systems & Applications	D2. Permissions
Principal Investigators	Systems & Applications	D2. Permissions
Information Stewards	Systems & Applications	D2. Permissions
Department Heads	Confidentiality Agreements	E1. Queen's Employee Requirements
Principal Investigators	Confidentiality Agreements	E1. Queen's Employee Requirements
Department Heads	Confidentiality Agreements	E2. Third-party Requirements
Principal Investigators	Confidentiality Agreements	E2. Third-party Requirements
All Users	Security Incidents	F1. Actual or Suspected Unauthorised Access
All Users	Peripherals	G1. Multifunction Devices

Additional Information

These guidelines are provided to assist in planning and operational decision-making. In some cases it may be difficult to alter system planning and implementation decisions to comply with these guidelines. Where there is risk that personal and confidential information or systems security may be compromised, modifications will be necessary.

Either the head of the department or the principal investigator of a research group will be responsible for ensuring that all employees are aware of and are working within policy and recommended practices for safeguarding personal and confidential information.

 EISG Reference Materials (PDF*, 531 KB)

Questions?

Please contact the Information Systems Security Office.

 

* PDF files can be read for free using Adobe Acrobat Reader.