Security Standard: Solutions Life Cycle Management

Security Standard: Solutions Life Cycle Management



The standard applies to new IT services (including third-party and RIT-hosted, and software as a service) that meet any one or more of the following:

  • host or provide access to Private or Confidential information
  • support a Critical Business Process



The following security controls are required to be implemented.

1.      Engagement

1.1.   Contact the Information Security Office prior to investigating, evaluating, selecting, or developing a new solution.

2.     Planning and Preliminary Risk... ...

Computer Incident Handling Standard

Computer Incident Handling Standard

RIT has created a process for handling computer incidents to ensure that each incident is appropriately resolved and further preventative measures are implemented.

Computer Incident Handling Standard

Who does the standard apply to?

  • The standard primarily applies to administrators of RIT-owned or leased computing devices.
  • The standard also applies to users of personally-owned or leased devices should the incident involve RIT resources.

What is an incident?

Incidents include the following types of events:

  • Physical loss
  • ... ...

Vulnerability Management Program at RIT

Vulnerability Management Program at RIT

In order to reduce information security risks, RIT conducts periodic vulnerability assessments that consist of scanning computers campus-wide for high-risk exposures. In addition, the ISO or its designee may scan as needed for vulnerabilities that are under attack.

What is RIT scanning for?

The vulnerability assessments will include scans of communication services, operating systems, and applications to identify high-risk system weaknesses that could be exploited by intruders. These exploits have the potential to compromise the confidentiality, integrity or availability of RIT information resources.

Which computers may be scanned?

All computers connected to the Institute campus network, including but not limited... ...