Since 2001, the RIT Information Security Office, in partnership with other community stakeholders, has been a leader in managing information security risk and building community resiliency through:
Confidentiality
Ensuring only those with sufficient privileges may access certain information.
Integrity
Ensuring information is whole, complete, and uncorrupted.
Availability
Ensuring access to information without interference or obstruction.
Our Mission
Provide leadership to the RIT community in safeguarding the confidentiality, integrity and availability of RIT’s information resources.
What We Do
- Security Education, Training, and Awareness
- Alerts/Advisories
- Forensics/Investigations
- Security Policies & Standards
- Risk Management Framework
- Structure and Resources
Risk Management Framework
RIT has applied a risk management approach to information security. In order to manage information security risks, RIT attempts to:
- Assess risks to identify and prioritize the greatest information security risks
- Prevent information losses through policies/standards/guidelines, technical controls and education/training/awareness.
- In the event of a loss, RIT seeks to minimize that loss through incident response, business continuity, and disaster recovery. When it is unclear whether a loss has occurred, RIT will conduct a forensics investigation.
- In the event of a loss, RIT seeks to protect the RIT community from harm through risk management and insurance practices.
- RIT regularly evaluates information security through information security reviews and audits.
Step 1: Risk Assessment
Information security risk is created by the confluence of three major drivers: assets, vulnerabilities, and threats. In order to understand information security risk, it is necessary to understand the current and future state of each of these elements. In order to minimize risk, it is necessary to manage assets, vulnerabilities, and threats through formalized programs.
Step 2: Loss Prevention
Step 3: Loss Control
Loss Control is accomplished through initiatives in the following areas:
- Technical Controls
- Solutions Life Cycle Management, a formal process for reviewing new assets, potential risk, and appropriate controls
- Security Education, Training, and Awareness (SETA) Program
- Forensics Investigations and the Incident Handling Standard
Step 4: Loss Financing
Loss Financing transfers risks to third parties through:
- Contracts
- Insurance
- Self-Insurance
Step 5: Evaluation
Evaluation is provided through:
- An exception process to manage Residual Risk
- Metrics and reporting
- Audit support
Structure and Resources
Distributed roles and responsibilities
- RIT Information Security Council
- System and application administrators
- End users
Student Employment
- The RIT Information Security Office employs students with skillsets in information security, technical information design, and technical communication.
For more information, contact us at infosec@rit.edu.