Standard

Cyber-Security Incident Handling Standard

Cyber-Security Incident Handling Standard

RIT has created a process for handling computer incidents to ensure that each incident is appropriately resolved and further preventative measures are implemented.

Cyber-Security Incident Handling Standard

Who does the standard apply to?

  • The standard primarily applies to administrators of RIT-owned or leased computing devices.
  • The standard also applies to users of personally-owned or leased devices should the incident involve RIT resources.

What is an incident?

Incidents include the following types of events:

  • Physical loss of a computing device
  • ... ...

Password

Passwords

Having a strong password is increasingly important. Weak passwords can be "guessed" or "cracked" using free software available online, allowing unauthorized access that can result in identity crimes, extortion, or damage to reputation through the disclosure of sensitive or private information (yours and RIT's). Choosing a strong password and changing it regularly are two of the most important things you can do to protect yourself online.  Follow the password standard and subscribe to our social media outlets for password tips and tricks!

Password Standard

Documented Standard

  • Current Password
  • ... ...

Desktop and Portable Computer Security Standard

To protect the RIT community and the Institute network from computer-borne threats, RIT has created minimum security requirements for desktop and laptop computers.

Desktop and Portable Computer Standard

  • Current Desktop/Portable Computer Standard (reflects 2015 operational changes, supersedes previous version, effective 1/23/15)

What does it apply to?

  • All RIT-owned or leased computers.
  • Any computer (physical or virtual) connecting to the RIT network through a physical, wireless, dial-up, or VPN connection.

The standard is not required for:

The following devices should employ these controls... ...

Signature Standard

Signature Standard

RIT uses a standardized signature to make authentic Institute communications easily recognizable. Uses of common signature elements by senders will help recipients detect counterfeit e-mails and phishing attempts. For more information, see the Signature Standard.

Who do the requirements apply to?

The requirements apply to:

  • All senders of e-mail related to Institute academic or business purposes sent by RIT faculty or staff using an RIT or non-RIT e-mail account. (The standard also applies to course-related e-mail sent via the RIT MyCourses system.)
  • All creators of Message Center communications.
  • E-mail messages sent from portable devices.
 

The requirements... ...

Portable Media

Portable Media Security Standard

Portable media such as USB keys, flash memory, CDs/DVDs, etc. are a crucial part of daily business. However, portable media is easily lost or stolen and may cause a security breach.

Because portable media can be stolen or compromised easily, users should take precautions when using it to transfer or store Confidential information. We strongly discourage placing Private Information on portable media.

 

Approved Portable Media 

When handling RIT Private or Confidential information, you should use only portable media that provides an approved encryption level (the RIT Information Security... ...