Resource

Information Access & Protection Standard

Information Access & Protection Standard

The Information Access & Protection (IAP) Standard provides requirements for the proper handling of information at RIT.

Information Classifications

The standard classifies information into four categories: Private, Confidential, Internal, and Public.

Private information

Private information is information that is confidential and which could be used for identity theft. Private information also has additional requirements associated with its protection (e.g., state and federal mandates). Examples include:

  • Social Security Numbers (SSNs), Individual Taxpayer Identification Numbers (ITINs), or other national identification numbers
  • Driver’s license numbers
  • Financial account information (bank account numbers, checks, credit or debit card numbers), etc.

Confidential... ...

Security Assessment Tools

The following tools should be used in combination to conduct security assessments.

Unified vulnerability management enterprise solution
 
 
Network Vulnerability Scanner
 
... ...

Host Intrusion Prevention (RIT-owned/leased computers only)

Note: This requirement applies only to RIT-owned and leased computers. There is currently no requirement for personally-owned machines to run host intrusion prevention.

Currently, personal networking devices used on the RIT residential network (such as routers, switches, etc.) do not need to meet the Network Security Standard. Resnet has created separate guidelines for Using a Router/Wireless Router on the RIT Network.

The following products have all been tested by the Information Security Office and approved for use on RIT-owned/leased computers.

Recommended Host-based Intrusion Prevention Software

Server

... ...

Program

Forms, Checklists, and Templates

Forms, Checklists, and Templates

Many forms and checklists below are provided as Adobe PDF Fill-in forms and can be filled in and printed from Acrobat Reader. 

NOTE: These forms may contain Javascript. If you need a different format, please contact the RIT Information Security Office at Infosec@rit.edu or call 585-475-4123.

... ...

Form Name

Use

Exception Request Form

To request an exception from an RIT Security Standard (PDF Fill-In form)

Non Disclosure Agreement (NDA)

Optional NDA used at

Safe Online Shopping & Banking

Jump to:

Use a Secure Computer

Reseach the Company/Website

Research the Product/Service

Use Strong Passwords

Make Sure the Website Uses Encryption

Use a Secure Payment Method

Monitor Your Accounts

Problems and Complaints

Additional Links

Use a Secure Computer

Make sure your computer meets the RIT Desktop & Portable Computer Standard before getting online. In addition to up-to-date anti-virus, make sure that your operating system and your web browser have the latest security patches installed.

Don't use public computers to send private information over the Internet. You cannot... ...