Risk

Security Standard: Solutions Life Cycle Management

Scope

 

The standard applies to new IT services (including third-party and RIT-hosted, and software as a service) that meet any one or more of the following:

 

  • host or provide access to Private or Confidential information
  • support a Critical Business Process

 

 

Requirements

 

The following security controls are required to be implemented.

 

1. Engagement

1.1. Contact the Information Security Office and ITS prior to investigating, evaluating, selecting, or developing a new... ...

Exception Process and Compliance

Updated 6/11/14

Anyone not in compliance with an Information Security Standard is subject to sanctions including suspension of computer and network privileges and/or the full range of current Institute personnel and student disciplinary processes.

In a small number of circumstances, it may not be possible to comply with an Information Security Standard. The Information Security Office has provided the following method for obtaining an exception to compliance with a published information security standard. Exceptions should be approved and signed by the appropriate Information Trustee (VP, Dean, or CIO). (An email endorsing the exception request is acceptable.)

An exception MAY be granted by... ...

Information Security at RIT

Since 2001, the RIT Information Security Office, in partnership with other community stakeholders, has been a leader in managing information security risk and building community resiliency through:

Confidentiality
Ensuring only those with sufficient privileges may access certain information.

Integrity
Ensuring information is whole, complete, and uncorrupted.

Availability
Ensuring access to information without interference or obstruction.


Our Mission

Provide leadership to the RIT community in safeguarding the confidentiality, integrity and availability of RIT’s information resources.

What We Do

  • Awareness
  • Alerts/Advisories
  • Forensics/Investigations
  • Security Policies & Standards
  • Risk Management Framework
  • Structure and Resources

Risk Management Framework

... ...