Information

Information Security at RIT

Since 2001, the RIT Information Security Office, in partnership with other community stakeholders, has been a leader in managing information security risk and building community resiliency through:

Confidentiality
Ensuring only those with sufficient privileges may access certain information.

Integrity
Ensuring information is whole, complete, and uncorrupted.

Availability
Ensuring access to information without interference or obstruction.


Our Mission

Provide leadership to the RIT community in safeguarding the confidentiality, integrity and availability of RIT’s information resources.

What We Do

  • Security Education, Training, and Awareness
  • Alerts/Advisories
  • Forensics/Investigations
  • Security Policies & Standards
  • Risk Management Framework
  • Structure and Resources

Risk... ...

Printer Best Practices

Printers often handle RIT Confidential information, but they can easily be overlooked when securing a network. Use the following best practices to secure any printers you support:

  • Update the firmware.
  • Assign a password for web access to the printer.
  • Change the SNMP community strings. (These are the equivalent of printer "passwords." "Public" and "private" are the defaults and are widely known.)
  • Disable any unused protocols. (Do you really need Novell IPX enabled, etc?)
  • If possible, change the default TCP port from 9100 to another port number. (Specific exploits target the default port and may cause the printers to print blank pages. However,
  • ... ...

Document Destruction

Document Destruction

Updated June 11, 2014

Why Have Document Destruction Activities?

Document Destruction Activities provide a focused opportunity for RIT faculty and staff to archive securely or dispose of paper records that contain private information. Private Information includes financial account numbers, social security numbers, driver’s license numbers and other information that can be used in identity theft. Participation in this activity will enable RIT to secure Private Information that could otherwise be used to facilitate identity theft. Document Destruction Activities are part of the RIT Private Information Management Initiative,... ...

Private Information Handling Quick Reference Table

Private Information Handling Quick Reference Table

This table provides recommendations on the correct handling of private information at RIT.

New York State defines private information (PI) as any personal information concerning a natural person combined with one or more of the following data elements: Social Security number, driver's license number, account number, or credit or debit card number in combination with any required security code.

Digital Self Defense 103 - Information Handling fulfills the training requirement for handling RIT Private or Confidential Information.

Consult the Identity Finder End User Guide for Windows or Mac for more information.... ...

PIMI Overview

Private Information Management Initiative (PIMI) Overview

The Private Information Management Initiative seeks to identify and reduce the amount of Private Information found on RIT computers and storage devices. Private information is information that is typically used to conduct identity theft and may include Social Security Numbers (SSNs), credit card numbers, driver’s license numbers, bank account information, etc.

Reducing the amount of Private Information (PI) will help safeguard the RIT community against identity theft and will help RIT comply with relevant state and federal laws. 

Goals

  1. Increase awareness of the importance of safeguarding all private information, not just SSNs
  2. Increase awareness
  3. ... ...