Data Security
Data Security
Supporting Policies
The university has established several policies that govern the stewardship and use of information technology resources and institutional data in order to maintain specific university-wide standards and practices. These policies are used to:
- comply with applicable executive orders, legal, regulatory and contractual mandates
- protect the privacy and security of confidential information
- manage the ongoing operations of support infrastructure such as service centers, training programs and technical services
- delineate the roles and responsibilities for the stewardship and use of data that is captured, stored, shared, and managed by the university.
Supporting Information Security Policies, Plans and Controls
| Policy | What is it? | Who does it apply to? | What needs to be done? |
| AUP(Acceptable Use Policy) | establishes acceptable uses of resources and user responsibilities | anyone using resources | review and accept conditions of the AUP |
| Data Privacy | describes the info the university collects and way disclosed | anyone visiting university website or providing info | anyone involved in capturing, storing, sharing data |
| Record Retention | systematic management of records to meet standards | applies to all records | admin offices and academic depts must develop plans in accordance |
| Information Security Incident Response Plan | provides for a response to any reported security breach | addresses systems or media that have been lost or stolen | everyone should report suspected security breaches |
| Infrastructure Management Policy | establishes appropriate operation guidelines for administrating university computers systems | ensures secure availability of technical services | all protected info systems must be restricted to authorized users |
| Data Classification | defines responsibility for adhering to security practices | all personnel are responsible for security of data they access | read the policy and follow outlined standards |
| Management of Administrative and Student Information Systems | requirements for operating departmental information systems | anyone with responsibility for information systems | read the policy and follow outlined standards |
| Network Security Policy | minimum precautions for securing devices on the wireless and wired network | anyone at the university using a computer connected to the network | read the policy and follow procedures. use a VPN (virtual private network for authentication) |
| Security Awareness Training Policy | sets the training standards | ensures all are trained appropriately | deliver training in a timely manner |
