What We Do
In partnership with other community stakeholders, we are the leaders in managing information security risk and building community resiliency through:
Ensuring only those with sufficient privileges may access certain information.
Ensuring information is whole, complete, and uncorrupted.
Ensuring access to information without interference or obstruction.
Risk Management Framework
Step 1: Risk Assessment
Information security risk is created by the confluence of three major drivers: assets, vulnerabilities, and threats. In order to understand information security risk, it is necessary to understand the current and future state of each of these elements. In order to minimize risk, it is necessary to manage assets, vulnerabilities, and threats through formalized programs.
Step 2: Loss Prevention
- Shared governance creates policies.
- Standards articulate the requirements to achieve the object
- Guidelines provide technical and procedural details that are too specific or change too frequently to be included in the standards.
Step 3: Loss Control
Loss Control is accomplished through initiatives in the following areas:
- Technical Controls
- Solutions Life Cycle Management, a formal process for reviewing new assets, potential risk, and appropriate controls
- Security Education, Training, and Awareness (SETA) Program
- Forensics Investigations and the Incident Handling Standard
Step 4: Loss Financing
Loss Financing transfers risks to third parties through:
Step 5: Evaluation
Evaluation is provided through:
- An exception process to manage Residual Risk
- Metrics and reporting
- Audit support
Structure and Resources
Distributed roles and responsibilities
- RIT Information Security Council
- System and application administrators
- End users
- The RIT Information Security Office employs students with skillsets in information security, technical information design, and technical communication.
- Current available positions will be posted on Career Connect.
For more information, contact us at email@example.com.