RIT
Center for Student Conduct & Conflict Management
Home Directories A-Z Index Info Center/SIS Search
Home Student Rights & Responsibilities Alcohol & Drug Policies Student Behavioral Consult Team Contacts
Photo
Student Conduct
Conduct Process
Advocacy
Alternative Educational Sanctions
Appeals Coordination
Statistics
Conflict Management
Mediation
Restorative Conferencing
Conflict Coaching
Training
Arrow RIT Information Security Policy

 

The information assets of Rochester Institute of Technology ("RIT") must be available to the RIT community, protected commensurate with their value, and must be administered in conformance with federal and state law. Reasonable measures shall be taken to protect these assets against accidental or unauthorized access, disclosure, modification or destruction, as well as to reasonably assure the confidentiality, integrity, availability, authenticity of information Reasonable measures shall also be taken to reasonably assure availability, integrity, and utility of information systems and the supporting infrastructure, in order to protect the productivity of members of the RIT community, in pursuit of the RIT mission.

Definitions:

Information Safeguards : Administrative, technical, and physical controls that support the confidentiality, integrity, availability, and authenticity of information.

Information systems and supporting infrastructure : Information in its analog and digital forms and the software, network, computers, tokens, and storage devices that support the use of information.

Lifecycle Protection : Information systems and supporting infrastructure have a lifecycle that begins with evaluation and selection, and advances through planning, development/acquisition, and operations through to disposal or retirement. Information safeguards are needed at all phases of the lifecycle.

Controls depend on the system, its capabilities, and expected usage, as well as anticipated threats against the information.

  • Preventive controls include use of encryption, information integrity measures, security configuration, media reuse, use of antivirus, and physical protection
  • Detective controls include network and information access monitoring, and intrusion detection (host based or network based), manual or automated review of security logs
  • Corrective controls include recovery plans from handling isolated information safeguard failure incidents to business continuity plans.

Therefore, RIT will take reasonable steps to:

  • Designate one or more individuals to identify and assess the risks to non-public or business-critical information within the Institute and establish an Institute-wide information security plan.
  • Develop, publish, maintain, and enforce standards for lifecycle protection of RIT information systems and supporting infrastructure in the areas of networking, computing, storage, human or device/application authentication, human or device/application access control, incident response, applications or information portals, electronic messaging, and encryption.
  • Develop, publish, maintain, and enforce standards for RIT workforce security related to the responsible use of information.
  • Provide training to authorized Institute users in the responsible use of information, applications, information systems, networks, and computing devices.
  • Develop, publish, maintain and enforce standards to guide RIT business associates and outsource partners in meeting RIT's standards of lifecycle protection when handling RIT information or supporting RIT information systems and supporting infrastructure.
  • Encourage the exchange of information security knowledge, including threats, risks, countermeasures, controls, and best practices both within and outside the Institute.
  • Periodically evaluate the effectiveness of information security controls in technology and process.

Approved May 17, 2006

 
Center for Student Conduct and Conflict Management Services @ RIT | E-mail: dmsrhs@rit.edu
Copyright © Rochester Institute of Technology. All Rights Reserved. | Disclaimer | Copyright Infringement