Critical

Security Standard: Solutions Life Cycle Management

Scope

The standard applies to new IT services (including third-party and RIT-hosted, and software as a service) that meet any one or more of the following:

  • host or provide access to Private or Confidential information
  • support a Critical Business Process

Requirements

The following security controls are required to be implemented.

1. Engagement

1.1. Contact the Information Security Office and ITS prior to investigating, evaluating, selecting, or developing a new... ...

Computer Incident Handling Standard

RIT has created a process for handling computer incidents to ensure that each incident is appropriately resolved and further preventative measures are implemented.

Who does the standard apply to?

  • The standard primarily applies to administrators of RIT-owned or leased computing devices.
  • The standard also applies to users of personally-owned or leased devices should the incident involve RIT resources.

What is an incident?

Incidents include the... ...

Vulnerability Management Program at RIT

In order to reduce information security risks, RIT conducts periodic vulnerability assessments that consist of scanning computers campus-wide for high-risk exposures. In addition, the ISO or its designee may scan as needed for vulnerabilities that are under attack.

What is RIT scanning for?

The vulnerability assessments will include scans of communication services, operating systems, and applications to identify high-risk system weaknesses that could be exploited by intruders. These exploits have the potential to compromise the confidentiality, integrity or availability of RIT information resources.

Which computers may be scanned?

All computers connected to the Institute campus... ...