New and Revised Information Security Requirements


Nov 20, 2013 (3 years and 6 months ago)


The Information Security Office has issued one new and three revised standards to ensure the security and availability of information for the RIT community. Standards are part of the RIT Information Security Policy (C8.1) and their requirements will affect you. The new information security standards are:




Signature (effective 7/1/09)

Desktop and Portable Computer (revised) (effective 8/1/09)

Server (revised) (effective 8/1/09)

Network (revised) (effective 8/1/09)


Overview of the New Security Requirements

Signature Standard

The Signature Standard requires specific signature elements (name, department, contact information, confidentiality statement) when using Message Center or sending “official” mail from RIT e-mail addresses (including within myCourses). Standardized signatures will make authentic Institute communications easily recognizable. The use of common signature elements by senders will help recipients detect counterfeit e-mails and phishing attempts.


Visit http://security.rit.edu/signaturestd.html for more information.


Desktop and Portable Computer Security Standard (revised)

The Desktop and Portable Computer Security Standard provides requirements for all computers that connect to the RIT network, excluding computers that connect only through their web browsers. There are increased security requirements for RIT-owned computers.

This standard will impact the entire RIT community.

Your systems support personnel (help desks) will assist you in meeting the new requirements.


The RIT Information Security Office provides a Plain English Guide and other web-based resources to support implementation of the standard. Visit http://security.rit.edu/desktop.html for more information.



Server Security Standard (revised)

The Server Security Standard provides requirements for the configuration and maintenance of all servers at RIT. Although some specific instances are excluded from the requirements, most servers (including those administered by students) must comply with the standard.

This standard will impact server owners and administrators within the RIT community.

Server owners and administrators are responsible for ensuring their servers meet the requirements of the standard.


The RIT Information Security Office provides a Plain English Guide, a compliance checklist and other web-based resources to support implementation of the standard. Visit http://security.rit.edu/server.html for more information.



Network Security Standard (revised)

The Network Security Standard provides requirements for the usage, implementation and configuration of network devices.

Although personally-owned devices within the residential network are excluded from this standard, requirements for their use are determined by Information Technology Services.

The standard is expected to have minimal impact on the majority of the RIT community. Network administrators will have increased configuration and documentation responsibilities.

The RIT Information Security Office provides a compliance checklist and other web-based resources to support implementation of the standard. Visit http://security.rit.edu/network.html for more information.



For more information

RIT Information Security Standards provide requirements to help RIT meet current and emerging threats and are benchmarked against our peer universities. The new standards help RIT protect itself against threats to information compromise that can ultimately affect our productivity and reputation and help us to meet legislative mandates for the protection of information.




Because compliance with standards often requires change, we have used a rigorous process to achieve reasonableness and support of the standard across the Institute. The standards were developed and reviewed by a cross-organizational team representing technical support organizations and key divisions and departments. (Additional information on our standards processes may be found at http://security.rit.edu/standards/.)

More information on these and other security requirements for the RIT Community may be found at http://security.rit.edu/standards/index.html.



Ben Woelk '07

Information Security Communications and Training Specialist

Rochester Institute of Technology

Ross 10-A204

151 Lomb Memorial Drive

Rochester, New York 14623

585.475.4122

infosec@rit.edu

http://security.rit.edu/dsd.html




Become a fan of RIT Information Security at http://rit.facebook.com/profile.php?id=6017464645

Follow us on Twitter: http://twitter.com/RIT_InfoSec



CONFIDENTIALITY NOTE: The information transmitted, including attachments, is intended only for the person(s) or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and destroy any copies of this information.