Resources

Forms, Checklists, and Templates

Forms, Checklists, and Templates

Many forms and checklists below are provided as Adobe PDF Fill-in forms and can be filled in and printed from Acrobat Reader. 

NOTE: these forms may contain Javascript. If you need a different format, please contact the RIT Information Security Office at Infosec@rit.edu or call 585-475-4123.

Form Name

Use

Exception Request Form

To request an exception from an RIT Security Standard (PDF Fill-In form)

Non Disclosure Agreement (NDA)

Optional NDA used at department discretion

RIT Systems Support Personnel Non Disclosure Agreement

Required for all systems support personnel

 

Checklist Name

Use

Desktop and Portable Computer Checklist General User

Compliance checklist for use by self-supported faculty, staff, and students.

Desktop and Portable Computer Checklist ITS-Supported Users Compliance checklist for use by ITS-supported faculty, staff, and students. (1/23/13)

Desktop and Portable Computer Checklist Systems Support

Systems support personnel compliance checklist for computers they support.

Server Security Checklist

Compliance checklist for use with the Server Security Standard

Network Security Checklist

Compliance checklist for use with the Network Security Standard

Web Standard Compliance Checklist

Compliance checklist for use with the Web Security Standard

 

Template Name

Use

MSWord RIT Confidential Template

For general marking of Confidential Information

MSWord RIT Internal Use Only Template

For general marking of Internal Information

Information Access and Protection Inventory Template (MS Excel)

For department use in creating an information inventory for Information Access and Protection.

 

Information Access & Protection Standard

Information Access & Protection Standard

The Information Access & Protection (IAP) Standard provides requirements for the proper handling of information at RIT.

Information Classifications

The standard classifies information into four categories: Private, Confidential, Internal, and Public.

Private information

Private information is information that is confidential and which could be used for identity theft. Private information also has additional requirements associated with its protection (e.g., state and federal mandates). Examples include:

  • Social Security Numbers (SSNs) or other national identification numbers
  • Driver’s license numbers
  • Financial account information (bank account numbers, checks, credit or debit card numbers), etc.

Confidential information

Confidential information is information that is restricted to a need-to-know basis and due to legal, contractual, ethical, or other constraints may not be accessed or communicated without specific authorization.

Internal information

Internal information is restricted to RIT faculty, staff, students, alumni, contractors, volunteers, and business associates for the conduct of Institute business.

Public information

Public information may be accessed or communicated by anyone without restriction and has no special handling requirements associated with it.

Who do the requirements apply to?

This Standard applies to everyone who accesses RIT Information Resources, whether affiliated with RIT or not, from on campus or from remote locations, including but not limited to: students, faculty, staff, contractors, consultants, temporary employees, alumni, guests, and volunteers.

What are RIT Information Resources?

RIT Information Resources include but are not limited to:

  • RIT-owned or leased transmission lines, networks, wireless networks, servers, exchanges, Internet connections, terminals, applications, and computers
  • Information owned by RIT or used by RIT under license or contract, in any form, including but not limited to:
    • Electronic media
    • Portable media
    • Electronic hardware
    • Software
    • Network communications devices
    • Paper
  • Personal computers, servers, wireless networks, mobile devices, and other devices not owned by RIT but intentionally connected to RIT Information Resources.

What do I have to do?

Everyone who accesses RIT Information Resources should know and understand the four classes of information at RIT and appropriate handling practices for each class. Specific roles and responsibilities are detailed in the Information Access and Protection Standard Plain English Guide.

Information Access & Protection Standard

 

Digital Self Defense Training

Digital Self Defense Training

DSD LogoThe Information Security Office provides Digital Self Defense training courses scheduled through the Center for Professional Development or by request. The program is divided into three courses: Introduction, Desktop Security Tools, and Information Handling. See below for more information about specific courses.

DSD 101 Introduction to Digital Self Defense

In this day of rapidly increasing Internet threats you need a leg up, a way to protect yourself and your loved ones (and your computer) against all of those people on the Internet who are out to get you.

We feel your pain and we've got the answer!

We're currently reworking the Intro to Digital Self Defense course and will announce the new course availability in fall 2013.

DSD 102 Desktop Security Tools

DSD 102 is currently not available.

DSD 103 Information Handling

RIT employees handle or are exposed to Private and Confidential information every week. It is important to use appropriate and secure information handling practices to protect these types of information. Inadvertent loss or disclosure of Private information may result in a Notification event under the NYS Information Security Breach and Notification Act.

Course Objectives

Attendees of the Digital Self Defense (DSD) 103 – Information Handling course will learn new and improve existing information handling skills. Specifically, the course explains the different classes of information at RIT, how these types of information should be treated, and the correct means of storage, transfer, and destruction to be used. Completion of the course should provide the user with the necessary knowledge to be in compliance with the Information Access & Protection (IAP) Standard.

DSD 103 Online Course

DSD 103 Information Handling is now available as a self-paced online class through the RIT E-Learning Zone.

  1. Access DSD 103 Information Handling Web-based training on the RIT E-Learning Zone
  2. Login with your RIT credentials
  3. Open the course.
  4. Click the blue triangle to launch the course. (You may want to perform a Browser Check to ensure your computer is configured correctly.)
  5. Take the course and complete the post-course assessment.

 

Pages

Subscribe to RSS - Resources