Policies and Guidelines

 

POLICY SUMMARIES

To help quickly locate information, we've created summaries of the most important security policies and standards.  The summaries only cover key elements of these policies and standards. If you need more detailed information, you should refer to the full documents given as links provided in the tables below. 

 Jump to section: POLICIES   STANDARDS  GUIDELINES

 

 INFORMATION SECURITY POLICIES

TITLE
STATUS 
DESCRIPTION
INFORMATION COVERED
GOVERNANCE GROUPS

 Information Security Policy(916)

Active

Defines at a high level the roles, responsibilities, and measures required to cost effectively manage risks related to University information resources.

  • Security Governance

  • Security Roles and Responsibilities 

  • Key Security Controls

Information Security Advisory Council

Use Of Computers And Data Communication (901)

 

Active

Outlines technology practices and utilization requirements necessary for ensuring University information systems are protected from misuse.

  • Acceptable Use

 

Information Security Advisory Council

 

Statement of Confidentiality (902)

Active

Outlines responsibilities for limiting access to confidential and senstive University information to a business/education need-to-know.

  • Non-Disclosure

 

 

Information Security Advisory Council

Payment Card Services Policy

Active

 

 Outlines process for authorizing units to accept payment cards, and campus compliance with the Payment Card Industry Data Security Standard
  •  Payment Card Compliance

 Payment Card Oversight Committee

INFORMATION SECURITY STANDARDS

TITLE
STATUS
DESCRIPTION
INFORMATION COVERED
GOVERNANCE GROUPS

Data Management Standard  

Active

Outlines the responsibilities and requirements needed to consistently protect the value and security of University data.

  • Data Governance

  • Data Classification

 

 Data Management Group

Information Security Advisory Council

Encryption Standard

DRAFT 

Defines the requirements necessary for securely managing encryption technologies in order to provide acceptable levels of protection for institutional data and systems. 
  • Logical Control Requirements 

Information Security Advisory Council

Enterprise Password Standard

Active

Defines the requirements associated with the management of passwords utilized for managing, accessing, and supporting University enterprise information systems.  
  • Password Creation and Management

 

Chancellor's Cabinet

Information Security Advisory Council 

Information Security Risk Management Standard

Active

Define the required processes and controls needed to effectively identify, analyze, report, and manage information risks related to University information assets. 
  • Information Security Risk Management 

Information Security Advisory Council

 

IT Security Liasons

Minimum Security Standard

Active

Define the specific minimum technical security practices needed to protect different types of University information resources based on the degree of risk that may be realized should these resources be compromised, stolen, degraded, or destroyed.
  • Technical Security Measures.

Information Security Advisory Council

IT Security Liasons


INFORMATION SECURITY GUIDELINES

TITLE
STATUS
DESCRIPTION
INFORMATION COVERED
GOVERNANCE GROUPS

Secure File Storage and Sharing

Active

 Provides guidance of which campus technologies can be used to securely transmit or store different types of University data.

  • How to securely transmit and store confidential data.

  • What practices to avoid to help prevent potential data breach. 

Information Security Advisory Council

Mobile Device Security

Active

Provide guidance and best practices to secure mobile devices to help safeguard both personal and University data.

  • Mobile device security steps.

 

Information Security Advisory Council

 


Looking For IT Services?

Logo for Technology Application Service Catalog


Advanced