Standard

Encryption at RIT

Submitted by ISO Admin on Thu, 03/02/2017 - 10:05

Encryption at RIT

Several RIT Security Standards refer to ISO-approved encryption. ISO-approved encryption is divided into two categories: Preferred and Acceptable. Preferred encryption methods were chosen based on standard industry usage and their ability to support RIT business processes. RIT's current product is SentinelOne.

Preferred Encryption

... ...

Purpose

Encryption Algorithms

RIT Security Standard

Comments

Network Connections (including web browsers)

TLS 1.1 or higher 

Web, Network

 SSL is no longer secure. 

Laptop/Desktop Encryption

AES 256-bit is recommended, although AES 128-bit or higher

Exception Process and Compliance

Submitted by ISO Admin on Thu, 03/02/2017 - 09:55

Updated 6/11/14

Anyone not in compliance with an Information Security Standard is subject to sanctions including suspension of computer and network privileges and/or the full range of current Institute personnel and student disciplinary processes.

In a small number of circumstances, it may not be possible to comply with an Information Security Standard.   The Information Security Office has provided the following method for obtaining an exception to compliance with a published information security standard.  Exceptions should be approved and signed by the appropriate Information Trustee (VP, Dean, or CIO).  (An email endorsing the exception request is acceptable.)

An exception MAY be granted by... ...

Requirements for Students

Submitted by ISO Admin on Thu, 03/02/2017 - 09:54

Requirements for Students

 

... ...
Standard
When does it apply?

Desktop and Portable Computer Standard

Always

Password Standard

Always

Signature Standard

Always - All authentic RIT communications should include an appropriate signature as per the

Mobile Devices

Submitted by ISO Admin on Tue, 03/22/2016 - 10:51

Mobile Devices

Mobile devices are not always designed with security in mind and, as a result, are not as secure as most computers.

There are a number of ways in which information on a mobile device may be breached: theft of the device, attacks on your service provider, wireless hijacking or "sniffing", and unauthorized access. Because mobile devices may be more easily stolen or compromised, users of these devices must take precautions when using them to store or access Private or Confidential information. 

Private Information... ...

Account Management Standard

Submitted by kdbiso on Tue, 07/15/2014 - 13:05

Account Management Standard

The Account Management Standard provides requirements around creating and maintaining user and special accounts. The primary audience for the standard is account administrators. However, there are reporting requirements pertaining to personnel and roles and responsibility changes for managers as well.

Documented Standard

Current Account Management Standard (reflects 2015 operational changes, comply by 1/23/15)
  • ... ...