Information

Portable Media

Portable Media Security Standard

Portable media such as USB keys, flash memory, CDs/DVDs, etc. are a crucial part of daily business. However, portable media is easily lost or stolen and may cause a security breach.

Because portable media can be stolen or compromised easily, users should take precautions when using it to transfer or store Confidential information. We strongyly discourage placing Private Information on portable media.

 

Approved Portable Media (updated 6/20/2013)

When handling RIT Confidential information, you should use only portable media that provides an approved encryption level (the RIT Information Security... ...

Server Security Standard

Server Security Standard

The Server Standard provides requirements for server configuration and use at RIT.

A list of ISO-approved security assessment tools, HIPS programs, secure protocols, and a sample trespassing banner can be found in the Technical Resources

What does the standard apply to?

All servers (including production, training, test, and development) and the operating systems, applications, and databases as defined by this standard.

The standard does not apply to individual student-owned servers or faculty-assigned student servers for projects; however, administrators of these servers are encouraged to meet the Server Standard.

Recommended Strong Authentication Practices

The RIT Information Security... ...

Network Security Standard

Network Security Standard

The Network Security Standard provides measures to prevent, detect, and correct network compromises. The standard is based on both new practices and best practices currently in use at RIT.

Please consult the checklist or the standard below for a complete list of requirements.

Who does it apply to?

All systems or network administrators managing devices that:

  • Connect to the centrally-managed Institute network infrastructure
  • Process Private or Confidential Information
 

Currently, personal network devices used on the RIT residential network (such as routers, switches, etc.) do not need to meet the Network Security Standard. However, the... ...

Computer Incident Handling Standard

Computer Incident Handling Standard

RIT has created a process for handling computer incidents to ensure that each incident is appropriately resolved and further preventative measures are implemented.

Computer Incident Handling Standard

Who does the standard apply to?

  • The standard primarily applies to administrators of RIT-owned or leased computing devices.
  • The standard also applies to users of personally-owned or leased devices should the incident involve RIT resources.

What is an incident?

Incidents include the... ...

Phishing

Phishing is a form of social engineering where the attacker attempts to trick people into revealing private information by sending spoofed e-mails that appear to be from reputable companies. Phishing e-mails provide a link to a seemingly authentic page where you can login and reveal your username, password and other personal identifying information (PII)." Online scammers can then use this information to access your accounts, gather additional private information about you, and make purchases or apply for credit in your name.

General protection against phishing scams 

Safe practices

  • NEVER RESPOND TO
  • ... ...