Comments or questions about these standards and procedures can be submitted to itsecurity@listserv.syr.edu. All of the IT standards listed below are based on Syracuse University policies, which are available on the University's Policies Web site.

Syracuse University Information Security Standard: This standard is the keystone of all the security standards, as it defines the kinds of data ("University data" or "University Information") that we are most concerned about protecting.

Component Standards:

• Remote Access Standard: Describes how people will access University data from remote locations or transport University data on mobile devices.
• Desktop Security Standard: Describes how desktops, laptops, and PDA's will be configured and used securely.
• Server Security Standard: Describes how University servers must be configured and managed.
• Authentication Standard: Describes how to manage authentication processes typically associated with accounts and passwords.
• Encryption Standard: Describes where encryption must be applied to stored data and network traffic.
• Data Sanitization Standard: Describes how to safely dispose of electronic media and devices.

• The Exception Process: Describes how to handle exception requests for existing policies and standards.
• The CIRT and Incident Handling - TBD
• Requesting an Investigation - TBD

© 1999 - 2009  Information Technology and Services
Syracuse University
Center for Science & Technology
Syracuse, NY 13244-4100
Phone (315)443-2677 - Fax (315)443-2775

For assistance contact consult@syr.edu