Standard

Signature Standard

Signature Standard

RIT uses a standardized signature to make authentic Institute communications easily recognizable. Uses of common signature elements by senders will help recipients detect counterfeit e-mails and phishing attempts. For more information, see the Signature Standard.

Who do the requirements apply to?

The requirements apply to:

  • All senders of e-mail related to Institute academic or business purposes sent by RIT faculty or staff using an RIT or non-RIT e-mail account. (The standard also applies to course-related e-mail sent via the RIT MyCourses system.)
  • All creators of Message Center communications.
  • E-mail messages sent from portable devices.
 

The requirements... ...

Portable Media

Portable Media Security Standard

Portable media such as USB keys, flash memory, CDs/DVDs, etc. are a crucial part of daily business. However, portable media is easily lost or stolen and may cause a security breach.

Because portable media can be stolen or compromised easily, users should take precautions when using it to transfer or store Confidential information. We strongly discourage placing Private Information on portable media.

 

Approved Portable Media 

When handling RIT Private or Confidential information, you should use only portable media that provides an approved encryption level (the RIT Information Security... ...

Encryption at RIT

Encryption at RIT

Several RIT Security Standards refer to ISO-approved encryption. ISO-approved encryption is divided into two categories: Preferred and Acceptable. Preferred encryption methods were chosen based on standard industry usage and their ability to support RIT business processes. RIT's current product is McAfee FDE.

Preferred Encryption

... ...

Purpose

Encryption Algorithms

RIT Security Standard

Comments

Network Connections (including web browsers)

TLS 1.x 

Web, Network

SSL

Exception Process and Compliance

Updated 6/11/14

Anyone not in compliance with an Information Security Standard is subject to sanctions including suspension of computer and network privileges and/or the full range of current Institute personnel and student disciplinary processes.

In a small number of circumstances, it may not be possible to comply with an Information Security Standard.   The Information Security Office has provided the following method for obtaining an exception to compliance with a published information security standard.  Exceptions should be approved and signed by the appropriate Information Trustee (VP, Dean, or CIO).  (An email endorsing the exception request is acceptable.)

An exception MAY be granted by... ...

Standards Process

Policy Creation and Approval

Institute policies are created and approved through a shared governance process. A further description of this process can be found on the Academic Senate, Staff Council and Student Government websites. 

 

Standards Creation and Approval

In 2005, the RIT shared governance organizations approved the Information Security Policy which vested the Information Security Office with the role of leading the RIT community in the creation, approval and implementation of Information Security Standards.

  • Core Teams composed of subject matter experts meet to create draft standards that are supportable and comprehensive.
  • The
  • ... ...