Standard

Portable Media

Portable Media Security Standard

Portable media such as USB keys, flash memory, CDs/DVDs, etc. are a crucial part of daily business. However, portable media is easily lost or stolen and may cause a security breach.

Because portable media can be stolen or compromised easily, users should take precautions when using it to transfer or store Confidential information. We strongly discourage placing Private Information on portable media.

 

Approved Portable Media 

When handling RIT Private or Confidential information, you should use only portable media that provides an approved encryption level (the RIT Information Security... ...

Encryption at RIT

Encryption at RIT

Several RIT Security Standards refer to ISO-approved encryption. ISO-approved encryption is divided into two categories: Preferred and Acceptable. Preferred encryption methods were chosen based on standard industry usage and their ability to support RIT business processes. RIT's current product is SentinelOne.

Preferred Encryption

... ...

Purpose

Encryption Algorithms

RIT Security Standard

Comments

Network Connections (including web browsers)

TLS 1.1 or higher 

Web, Network

SSL is no longer secure. 

Laptop/Desktop Encryption

AES 256-bit is recommended, although AES 128-bit or higher

Requirements for Students

Requirements for Students

 

... ...
Standard
When does it apply?

Desktop and Portable Computer Standard

Always

Password Standard

Always

Signature Standard

Always - All authentic RIT communications should include an appropriate signature as per the

Mobile Devices

Mobile Devices

Mobile devices are not always designed with security in mind and, as a result, are not as secure as most computers.

There are a number of ways in which information on a mobile device may be breached: theft of the device, attacks on your service provider, wireless hijacking or "sniffing", and unauthorized access. Because mobile devices may be more easily stolen or compromised, users of these devices must take precautions when using them to store or access Private or Confidential information. 

Private Information... ...

Account Management Standard

Account Management Standard

The Account Management Standard provides requirements around creating and maintaining user and special accounts. The primary audience for the standard is account administrators. However, there are reporting requirements pertaining to personnel and roles and responsibility changes for managers as well.

Documented Standard

Account Management Standard
  • ... ...