Explainer: Network Security Rule (4-004I)
Note: Rule 4-004I was deleted, effective September 12, 2023. For more information, please access the Node article “President Randall approves revised information security policy” or visit the U's Regulations website.
The University of Utah’s Network Security Rule (4-004I) supports the Information Security Policy (4-004). The U’s IT security policy, rules, and procedures aim to protect the university’s IT resources, systems, and data, including that of students, patients, faculty, staff, guests, vendors, and others.
What does it say?
The Network Security Rule outlines the requirements to protect university IT assets and data, and for supporting network infrastructure. These include various IT security measures, provisions for network service agreements, and the segmentation of IT resources, information systems, information assets, servers, and users.
Why should I care?
Rule 4-004I outlines the many technical requirements for network security. When correctly implemented, they can prevent an interruption of network service or a compromise of the university’s IT security.
A network service interruption could affect instruction, patient care, research, and other university activities.
If cybercriminals gain access to the university’s IT systems and resources, they could potentially steal confidential information and deploy ransomware. IT security breaches can also harm the U’s finances and reputation, and the privacy of U students, patients, faculty, and staff.
Who does it apply to?
The rule applies to all university students, faculty, staff, patients, and business partners, although the university and its IT staff are primarily responsible for compliance.
Up next in the June Node 4 newsletter — Log Management and Monitoring Rule (4-004J)
Node 4
Our monthly newsletter includes news from UIT and other campus/ University of Utah Health IT organizations, features about UIT employees, IT governance news, and various announcements and updates.