Information

Exception Process and Compliance

Updated 6/11/14

Anyone not in compliance with an Information Security Standard is subject to sanctions including suspension of computer and network privileges and/or the full range of current Institute personnel and student disciplinary processes.

In a small number of circumstances, it may not be possible to comply with an Information Security Standard.   The Information Security Office has provided the following method for obtaining an exception to compliance with a published information security standard.  Exceptions should be approved and signed by the appropriate Information Trustee (VP, Dean, or CIO).  (An email endorsing the exception request is acceptable.)

An exception MAY be granted by... ...

Requirements for Faculty/Staff

Requirements for Faculty and Staff

Security Standards

... ...
Standard When does it apply?
Desktop and Portable Computer Standard Always
Password Standard Always
Information Access & Protection Standard Always

Security Education, Training, & Awareness

Security Education, Training, & Awareness

Information security is a complex and constantly changing field that individuals at every level of the organization need to keep pace with in order to keep RIT information resources secure.  RIT offers the following education training and awareness programs to assist everyone from end user to system administrators to keep current with information security trends.

Academic Education

  • The GCCIS Department of Computing Security provides a variety of information security courses at the graduate and undergraduate level.

Training

  • Orientation sessions: The ISO often provides introductory information security training and materials at new student and new
  • ... ...

Mobile Devices

Mobile Devices

Mobile devices are not always designed with security in mind and, as a result, are not as secure as most computers.

There are a number of ways in which information on a mobile device may be breached: theft of the device, attacks on your service provider, wireless hijacking or "sniffing", and unauthorized access. Because mobile devices may be more easily stolen or compromised, users of these devices must take precautions when using them to store or access Private or Confidential information. 

Private Information... ...

Plain English Guide to the Information Security Policy

Plain English Guide to the Information Security Policy 

RIT has issued an Information Security Policy. The Policy provides the strategic direction needed to implement appropriate information safeguards for RIT information and the Institute network. This Plain English Guide provides explanation and illustration of the Policy and is provided as an aid to help you understand and implement the requirements of the Policy. The Policy itself is authoritative. The policy is effective immediately.

Why did RIT issue the policy?

The Policy authorizes RIT to take reasonable measures to protect RIT information and computing assets in an age... ...