Syracuse University IT security standards and procedures are created by the University's
Information Security Officer (ISO) in conjunction with the Information Security Council
(ISC) and are approved by the University's Chief Information Officer (CIO). The standards
and procedures are also subject to vetting and refinement by the Technology Leadership
Committee (TLC) and members of the campus technology community.
Comments or questions about these standards and procedures can be submitted to
itsecurity@listserv.syr.edu.
All of the IT standards listed below are based on Syracuse University policies, which are
available on the University's Policies Web site.
Syracuse University Information Security Standard: This standard is the keystone of all
the security standards, as it defines the kinds of data ("University data" or "University
Information") that we are most concerned about protecting.
Component Standards:
- Remote Access Standard: Describes how people will access University data from remote
locations or transport University data on mobile devices.
- Desktop Security Standard: Describes how desktops, laptops, and PDAs will be configured
and used securely.
- Server Security Standard: Describes how University servers must be configured and managed.
- Authentication Standard: Describes how to manage authentication processes typically
associated with accounts and passwords.
- Encryption Standard: Describes where encryption must be applied to stored data and
network traffic.
- Data Sanitization Standard: Describes how to safely dispose of electronic media and
devices. (To be written)
Associated Procedures:
- The Exception Process: Describes how to handle exception requests for existing policies
and standards.
- The CIRT and Incident Handling - TBD
- Requesting an Investigation - TBD