Information

Information Security at RIT

Since 2001, the RIT Information Security Office, in partnership with other community stakeholders, has been a leader in managing information security risk and building community resiliency through:

Confidentiality
Ensuring only those with sufficient privileges may access certain information.

Integrity
Ensuring information is whole, complete, and uncorrupted.

Availability
Ensuring access to information without interference or obstruction.


Our Mission

Provide leadership to the RIT community in safeguarding the confidentiality, integrity and availability of RIT’s information resources.

What We Do

  • Security Education, Training, and Awareness
  • Alerts/Advisories
  • Forensics/Investigations
  • Security Policies & Standards
  • Risk Management Framework
  • Structure and Resources

Risk... ...

Phishing

Phishing

Phishing is a form of social engineering where the attacker attempts to trick people into revealing private information by sending spoofed e-mails that appear to be from reputable companies. Phishing e-mails provide a link to a seemingly authentic page where you can login and reveal your username, password and other personal identifying information (PII). Online scammers can then use this information to access your accounts, gather additional private information about you, and make purchases or apply for credit in your name.

 

Identifying a Phishing E-mail

  • Sender. Verify who the e-mail is coming from. If you do not recognize the
  • ... ...

Server Security Standard

Server Security Standard

The Server Standard provides requirements for server configuration and use at RIT.

A list of ISO-approved security assessment tools, HIPS programs, secure protocols, and a sample trespassing banner can be found in the Technical Resources

What does the standard apply to?

All servers (including production, training, test, and development) and the operating systems, applications, and databases as defined by this standard.

The standard does not apply to individual student-owned servers or faculty-assigned student servers for projects; however, administrators of these servers are encouraged to meet the Server Standard.

Recommended Strong Authentication Practices

The RIT Information Security... ...

Requirements for Faculty/Staff

Requirements for Faculty and Staff

Security Standards

... ...
Standard When does it apply?
Desktop and Portable Computer Standard Always
Password Standard Always
Information Access & Protection Standard Always
Computer Incident Handling Standard Always
Portable Media Standard

Cyber-Security Incident Handling Standard

Cyber-Security Incident Handling Standard

RIT has created a process for handling computer incidents to ensure that each incident is appropriately resolved and further preventative measures are implemented.

Cyber-Security Incident Handling Standard

Who does the standard apply to?

  • The standard primarily applies to administrators of RIT-owned or leased computing devices.
  • The standard also applies to users of personally-owned or leased devices should the incident involve RIT resources.

What is an incident?

Incidents include the following types of events:

  • Physical loss of a computing device
  • ... ...