Information Security
ITS Information Security promotes the idea that security is a shared responsibility and seeks collaborative engagement with the campus community. The Information Security Team is committed to providing a safe and reliable computing environment for students, faculty and staff. We do this by safeguarding the confidentiality, integrity, and availability of information systems, identity, and data assets. Our goal is to provide proactive security expertise and maintain a resilient and secure infrastructure, while fostering a culture of security awareness and compliance throughout the 欧美无码.
Information Security Program
Information Security administers the 欧美无码's Information Security Program and is the go-to resource for guidance on compliance. We work to mitigate cyber security risks through outreach, awareness, assessment, policy, and best practices. We provide a number of critical services, including:
- Monitoring threats and attacks to the 欧美无码's users and IT infrastructure
- Providing cyber security awareness training
- Leveraging vulnerability management tools and web application scanning
- Managing user accounts and identity management
- Reviewing and building secure access protocols and network architecture
- Providing guidance for the 欧美无码's data governance process and security policies
Security Apps & Guides
LastPass Password Manager
Secure File Transfer
Policies & Guidance
The Data Classification Policy provides a structured and consistent classification framework for defining the university’s data security levels. It covers all data produced, collected or used by the 欧美无码 of 欧美无码, its employees, student workers, contractors or volunteers while conducting 欧美无码 business.
The Online Privacy Policy applies when you visit the 欧美无码 of 欧美无码 website and mobile applications (which we refer to as “sites”), we may collect some information about you and your visit. This policy governs and explains our collection and use of this information.
The Mass Email Policy defines the standards for using the 欧美无码’s email systems for mass communications.
The Payment Card Policy pertains to all 欧美无码 of 欧美无码 departments at all campuses and affiliated locations that accept, process, transmit, and/or handle payment card data on behalf of the 欧美无码.
The Remote Access Policy defines the standards for connecting to the 欧美无码 network from remote devices.
The Personal Device and Remote Work Technology Policy establishes the expectations around the use of personal devices to perform work for 欧美无码 and the use of technologies to perform work remotely for 欧美无码.
The Responsible Use Policy is a broad document establishing responsibilities and acceptable conduct of users of university computing, networking, telephony, and information resources.
The Workstation Administrator Access Policy protects 欧美无码 computing and information assets through the implementation of a university-wide policy on access to administrative rights on campus workstations.
The IT Change Management Policy ensures that all changes to university IT resources are tracked in order to
support continuity of IT services, and reduce negative impact on services and users.
The Written Information Security Program (“WISP”) Policy defines, documents, and supports the implementation and maintenance of the administrative, technical, and physical safeguards 欧美无码 has selected to protect the personal information it collects, creates, uses, and maintains.
The purpose of the 欧美无码 Minimum Security Standards is to establish the information security standards necessary to comply with the 欧美无码’s policies. These standards provide an effective baseline of appropriate system, administrative, and physical controls to apply to data based upon its classification. These standards are intended to reflect the minimum level of care necessary for 欧美无码’ sensitive data. As cybersecurity is a rapidly evolving field that continuously presents new challenges, these standards will be revised and updated accordingly. Review our current standards for:
欧美无码 has also classified information assets into risk-based categories for the purpose of determining who is allowed to access the information and what security precautions must be taken to protect against unauthorized access. Review the current risk matrix.