Data Security description of University of Turku (2016-08-17)

Permanent link to this page: https://www.utu.fi/data-security-description

IT Services provides the common ICT infrastructure and services for the university's faculties and other departments. These include the network infrastructure, centralized services, virtual server platforms, User IDs, workstations, smartphones, storage facilities, data security services, software licenses, help desk services and lifecycle management.

Network infrastructure is configured and maintained on-site by university staff both physically and logically. The network is divided into separate zones according to specific needs (physical, wireless, services, workstations, protected usage, etc.). Storage facilities, servers and other services are produced on-premises unless stated otherwise. IT services’ data center is located in three separate facilities in and near the campus.

Campus buildings are secured by centralized key management and, if needed, by security zones. The university purchases security guarding services and alarm systems as needed. IT services are produced and administered in premises secured according to government physical security standard level 3, which states that no unauthorized persons are allowed in without escort and that the premises are kept locked at all times.

All authorized users are subject to the Rules of IT Service Use. New users are identified using government-issued identification documents or by the citizens' identification and payment service. Each new employee for services administration in the IT Services department will be briefed on security practices by the CISO.

Workstations are by default provided and maintained by IT Services. The university provides a campus license for the most widely used software and operating systems. Departments are free to administer their own specialized equipment provided they decide to invest their own resources to administer the equipment securely, continuously, and according to the Administrative rules of IT services.

All IT services and their administration are subject to the Administrative rules of IT services and the university information security policy. These define the principles of administration, which are: Good administration practice, Respecting the Right to Privacy, and Professional Secrecy.

Data security is upheld by 7 main measures:

  • Centralized administration by separate administration accounts and compartmentalized user privileges
  • Use of current and reliable hardware, and software which is updated continuously
  • Centralized identity management (IDM)
  • Locally administered industry-standard network infrastructure and services
  • Common server platforms with minimal tailoring
  • Continuous monitoring of network traffic patterns and service statistics
  • Widely deployed security software and other monitoring tools

If your project needs a more comprehensive description, please let us know. 

 

Contact information for additional details: 

Mats Kommonen
Chief Information Security Officer 
University of Turku
tietoturvapaallikko@utu.fi