Recommended

Requirements for Faculty/Staff

Submitted by ISO Admin on Wed, 03/11/2020 - 11:15

Requirements for Faculty and Staff

Security Standards

... ...
Standard When does it apply?
Desktop and Portable Computer Standard Always
Password Standard Always
Information Access & Protection Standard Always
Cyber-Security (Computer) Incident Handling Standard Always
Portable Media

Encryption at RIT

Submitted by ISO Admin on Thu, 03/02/2017 - 10:05

Encryption at RIT

Several RIT Security Standards refer to ISO-approved encryption. ISO-approved encryption is divided into two categories: Preferred and Acceptable. Preferred encryption methods were chosen based on standard industry usage and their ability to support RIT business processes. RIT's current product is SentinelOne.

Preferred Encryption

... ...

Purpose

Encryption Algorithms

RIT Security Standard

Comments

Network Connections (including web browsers)

TLS 1.1 or higher 

Web, Network

 SSL is no longer secure. 

Laptop/Desktop Encryption

AES 256-bit is recommended, although AES 128-bit or higher

Document Destruction

Submitted by ISO Admin on Thu, 03/02/2017 - 10:04

Document Destruction

Updated June 11, 2014

Why Have Document Destruction Activities?

Document Destruction Activities provide a focused opportunity for RIT faculty and staff to archive securely or dispose of paper records that contain private information. Private Information includes financial account numbers, social security numbers, driver’s license numbers and other information that can be used in identity theft. Participation in this activity will enable RIT to secure Private Information that could otherwise be used to facilitate identity theft. Document Destruction Activities are part of the RIT Private Information Management Initiative, but they are managed... ...

Cloud Computing Best Practices

Submitted by ISO Admin on Thu, 03/02/2017 - 09:56

We've provided some general information below about cloud computing. At RIT, information handling requirements (including the use of non-RIT servers for storage) are articulated in the Information Access and Protection Standard. Refer to the standard for more information about storage restrictions based on information classification.

There are certainly some benefits to cloud computing, but the practice of saving content on the Internet is facing more scrutiny than ever. While there is no silver bullet solution to securing your cloud service, understanding how you can protect yourself is the best way to keep your information private.

Keep up to date... ...