IT Security Topic — Policies

Last Updated: 09/25/2017


Knowing the rules for computing at CU Boulder is like knowing the rules of the road. Following the rules can help keep your computer and its information safe, and your campus IT journey free of traffic jams.


The rules of the road are based on common sense, and so are rules for computing. Just like you wouldn't slam into another car on purpose, hop medians or curbs, or do a u-turn into oncoming traffic, as a member of the campus community you have agreed not to illegally download copyrighted materials (including music, movies, software, video games, and images), abuse email privileges, use the network for commercial purposes, intentionally spread viruses or worms, and much, much more.

IT Policy

Use of CU Boulder’s IT resources is governed by policies issued by: the University of Colorado System, the AVC for IT & CIO, by The Office of Information Technology, and by individual campus IT departments, as well as by state and federal laws. Users of campus IT resources are responsible for understanding the privileges and responsibilities extended by those policies and laws – which are detailed on the AVC for IT website.

Useful policy links:

Why do we need security policies?

  • External factors forcing development of policy
    • Federal and State requirements
    • Payment Card Industry Data Security Standards
    • Increasingly Grant Funds Require IT Security Program & Policy
  • Existing policies have gaps which increases risk
  • Policies provide a guide to keep computer systems secure
  • System wide security program will help reduce exposure to security incidents
  • Policies help determine who and what to trust
    • Trust is a underling principle in both security and security policy
    • Trust, as with most security, requires balance
      • Too much trust will lead to security problems
      • Too little trust and it becomes difficult to get your work done or know you are a valued member of the University community
  • At the end of the day policies are the road map that we use to ensure that systems are available and data is protected.