Signature

Requirements for Faculty/Staff

Faculty and Staff

Security Standards















Standard

When does it apply?

Desktop and Portable Computer Standard Always
Password Standard Always
Information Access & Protection Standard Always
Computer Incident Handling Standard Always
Portable Media Standard If you are storing Private or Confidential information on portable media, such as USB keys, CDs, DVDs, and flash memory. If you must store Private information on portable media, the media must be encrypted.
Web Security Standard
If you have a web page at RIT, official or unofficial, and you:

  • Own, administer, or maintain an official RIT web page that hosts or provides access to Private or Confidential Information.
  • Use RIT authentication services
Signature Standard If you are sending out an e-mail, MyCourses, or Message Center communication relating to Institute academic or business purposes. This applies to both RIT and non-RIT e-mail accounts.
Server Security Standard If you own or administer any production, training, test, or development server, and/or the operating systems, applications or databases residing on it.
Network Security Standard
If you own or manage a device that:

  • Connects to the centrally-managed Institute network infrastructure
  • Processes RIT Confidential or Operationally Critical information
Account Management
  • If you create or maintain RIT computer and network accounts.
  • Managers reporting changes in access privileges/job changes of employees.
Solutions Life Cycle Management
RIT departments exploring new IT services (including third-party and RIT-hosted, and software as a service) that meet any one or more of the following:

  • Host or provide access to Private or Confidential information
  • Support a Critical Business Process
Disaster Recovery

For business continuity and disaster recovery.  Applies to any RIT process/function owners and organizations who use RIT information resources.

NOTE The “in compliance by” date for this standard is January 23, 2016.

Authentication Service Provider Standard

If you are providing authentication services on network resources owned or leased by RIT.

NOTE The Authentication Service Provider Standard will retire on January 23, 2015 and be replaced by the Account Management Standard.

All instances of non-compliance with published standards must be documented through the exception process.

Information Handling Quick Links








Link Overview
Digital Self Defense 103 - Information Handling Covers important security issues at RIT and best practices for handling information safely.
Disposal Recommendations How to safely dispose of various types of media to ensure RIT Confidential information is destroyed.
Recommended and Acceptable Portable Media List of recommended and acceptable portable media devices (such as USB keys, CDs, DVDs, and flash memory).
Mobile Device Usage Recommendations Recommendations for mobile device usage at RIT
VPN Recommended for wireless access to RIT Confidential information.
E-mail at RIT Improve the security of your e-mail at RIT.

Safe Practices

  • Visit our Keeping Safe section to find security resources and safe practices and to see our schedule of upcoming workshops.

Questions

If you have questions or feedback about specific information security requirements, please contact us.

Requirements for Students

Requirements for Students

 

Standard
When does it apply?

Desktop and Portable Computer Standard

Always

Password Standard

Always

Signature Standard

Always - All authentic RIT communications should include an appropriate signature as per the standard. Make it a habit to check for an authentic signature when receiving messages from RIT.

Web Security Standard

If you have a web page at RIT, official or unofficial, and you:
  • Host or provide access to Confidential information. If you’re hosting or providing access to Private information, contact us at infosec@rit.edu immediately. Private or confidential information is defined in the Information Access and Protection Standard.
  • Use RIT authentication services

Computer Incident Handling Standard

If the affected computer or device:
  • Contains Private or Confidential information
  • Poses a threat to the Institute network

Network Security Standard

If you own or manage a device that:
  • Connects to the centrally-managed Institute network infrastructure
  • Processes Confidential information. If you’re providing access to Private information, contact us at infosec@rit.edu immediately.

Portable Media Standard

If you are storing Private or Confidential information on portable media, such as USB keys, CDs, DVDs, and flash memory.

Networking Devices

  • Currently, personal networking devices used on the RIT residential network (such as routers, switches, etc.) do not need to meet the Network Security Standard. Resnet has created separate guidelines for Using a Router/Wireless Router on the RIT Network.

Safe Practices

  • Visit our Keeping Safe section to find security resources and safe practices and to see our schedule of upcoming workshops.

Questions

If you have questions or feedback about specific information security requirements, please contact us.

E-mail at RIT

E-mail at RIT

E-mail is a standard communication tool. Unfortunately, it is also an ideal channel for social engineering and phishing attempts; protect yourself and your information.

Managing Your RIT E-mail

Visit the ITS E-mail Services page for RIT e-mail account set-up and usage resources.

E-mail Signatures

RIT requires all communications relating to Institute academic or business purposes to be signed with an appropriate signature. This includes e-mails from both RIT and non-RIT accounts, as well as MyCourses and Message Center communications. For more information on the new requirements, visit our Signature Standard web page.

RIT Confidential Information in E-mail

When sending RIT Confidential information through e-mail, the subject line of the e-mail must state that the information is RIT Confidential, and must reference the subject. For example:

From: RIT Employee A
Sent: Monday, February 11, 2008 10:05 AM
To: RIT Employee B
Subject: RIT Confidential - Performance Review
Signed By: employeeA @rit.edu

Body of e-mail...........

CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.

Signature Standard

Signature Standard

RIT uses a standardized signature to make authentic Institute communications easily recognizable. Uses of common signature elements by senders will help recipients detect counterfeit e-mails and phishing attempts. For more information, see the Signature Standard.

Who do the requirements apply to?

The requirements apply to:

  • All senders of e-mail related to Institute academic or business purposes sent by RIT faculty or staff using an RIT or non-RIT e-mail account. (The standard also applies to course-related e-mail sent via the RIT MyCourses system.)
  • All creators of Message Center communications.
  • E-mail messages sent from portable devices.
 

The requirements do not apply to:

  • Personal e-mail and e-mail sent by students. RIT students are encouraged to create an e-mail signature which makes their e-mail easily identifiable as authentic.

What do I have to do?

All e-mail or Message Center communications that support academic or business functions should contain the following:

  1. The name of the sender. (A department name is not an acceptable substitute for the name of a sender.)
  2. The name of the RIT-Specific organization or department the sender represents.
  3. A university telephone number, building address, and e-mail address (where available) that the recipient may use to contact the sending department with questions or to verify the authenticity of the e-mail. Web addresses may be included, but may not be the primary means of contact.
  4. The official RIT Confidentiality Statement, found at http://www.rit.edu/fa/legalaffairs/confidential.html
    Note that the Confidentiality Statement is not required for e-mails containing only Internal or Public information (e.g., mass communications such as Message Center, or mass mailings to external audiences such as prospective students, parents, etc.)

 

Subscribe to RSS - Signature