Since 2001, the RIT Information Security Office, in partnership with other community stakeholders, has been a leader in managing information security risk and building community resiliency through:

Confidentiality
Ensuring only those with sufficient privileges may access certain information.

Integrity
Ensuring information is whole, complete, and uncorrupted.

Availability
Ensuring access to information without interference or obstruction.

---

Our Mission

Provide leadership to the RIT community in safeguarding the confidentiality, integrity and availability of RIT’s information resources.

What We Do

• Security Education, Training, and Awareness
• Alerts/Advisories
• Forensics/Investigations
• Security Policies & Standards
• Risk Management Framework
• Structure and Resources

Risk... ...

The following tools should be used in combination to conduct security assessments.

Private Information Management Initiative (PIMI) Overview

The Private Information Management Initiative seeks to identify and reduce the amount of Private Information found on RIT computers and storage devices. Private information is information that is typically used to conduct identity theft and may include Social Security Numbers (SSNs), credit card numbers, driver’s license numbers, bank account information, etc.

Reducing the amount of Private Information (PI) will help safeguard the RIT community against identity theft and will help RIT comply with relevant state and federal laws. 

Goals

1. Increase awareness of the importance of safeguarding all private information, not just SSNs
2. Increase awareness
... ...

In order to reduce information security risks, the RIT Information Security Office (ISO) actively works to identify threat agents that are seeking to exploit vulnerabilities in the environment.   This  consist of scanning network traffic for threats.  For more information please contact the Information Security Officer. Current Internet Threats

• Internet Storm Center (SANS)
• Current Internet Threat Level (ISS)
• United States Computer Emergency Response Team (US-CERT)
• Stay Safe Online.Org (National Cyber Security Alliance)
... ...

Vulnerability Management Program at RIT

In order to reduce information security risks, RIT conducts periodic vulnerability assessments that consist of scanning computers campus-wide for high-risk exposures. In addition, the ISO or its designee may scan as needed for vulnerabilities that are under attack.

What is RIT scanning for?

The vulnerability assessments will include scans of communication services, operating systems, and applications to identify high-risk system weaknesses that could be exploited by intruders. These exploits have the potential to compromise the confidentiality, integrity or availability of RIT information resources.

Which computers may be scanned?

All computers connected to the Institute campus... ...