Information

Server Security Standard

Server Security Standard

The Server Standard provides requirements for server configuration and use at RIT.

A list of ISO-approved security assessment tools, HIPS programs, secure protocols, and a sample trespassing banner can be found in the Technical Resources

What does the standard apply to?

All servers (including production, training, test, and development) and the operating systems, applications, and databases as defined by this standard.

The standard does not apply to individual student-owned servers or faculty-assigned student servers for projects; however, administrators of these servers are encouraged to meet the Server Standard.

Recommended Strong Authentication Practices

The RIT Information Security... ...

Requirements for Faculty/Staff

Requirements for Faculty and Staff

Security Standards

... ...
Standard When does it apply?
Desktop and Portable Computer Standard Always
Password Standard Always
Information Access & Protection Standard Always

Cyber-Security Incident Handling Standard

Cyber-Security Incident Handling Standard

RIT has created a process for handling computer incidents to ensure that each incident is appropriately resolved and further preventative measures are implemented.

Cyber-Security Incident Handling Standard

Who does the standard apply to?

  • The standard primarily applies to administrators of RIT-owned or leased computing devices.
  • The standard also applies to users of personally-owned or leased devices should the incident involve RIT resources.

What is an incident?

Incidents include the following types of events:

  • Physical loss of a computing device
  • ... ...

Information Access & Protection Standard

Information Access & Protection Standard

The Information Access & Protection (IAP) Standard provides requirements for the proper handling of information at RIT.

Information Classifications

The standard classifies information into four categories: Private, Confidential, Internal, and Public.

Private information

Private information is information that is confidential and which could be used for identity theft. Private information also has additional requirements associated with its protection (e.g., state and federal mandates). Examples include:

  • Social Security Numbers (SSNs), Individual Taxpayer Identification Numbers (ITINs), or other national identification numbers
  • Driver’s license numbers
  • Financial account information (bank account numbers, checks, credit or debit card numbers), etc.

Confidential... ...

Private Information Management Initiative (PIMI) FAQ

Jump to:

General

Responsibilities

Scanning/Results

Non-Windows

Questions


General

What is the Private Information Management Initiative?

The Private Information Management Initiative (PIMI) is a program where RIT Information Technology Services helps RIT faculty and staff scan their computers and attached drives to determine if they contain private information (PI). When PI is found, each RIT faculty and staff member is responsible for remediating the private information by scrubbing or shredding the files.

The program also includes destruction of paper files containing nonessential PI.

The goals of the program are to identify and reduce... ...