Information Security Plan (IT 2)

OWNER: Information & Technology Services
Phone: 702-992-2140
CATEGORY: Information & Technology Services
POLICY ID#: IT 2
EFFECTIVE DATE: 2/26/18


POLICY STATEMENT

This Information Security Plan describes Nevada State College's safeguards to protect Sensitive Information in compliance with institutional, state, and federal guidelines. These safeguards are provided to:

  • Protect the security and confidentiality of Sensitive Information;
  • Protect against anticipated threats or hazards to the security or integrity of Sensitive Information;
  • Protect against unauthorized access to or use of Sensitive Information that could result in substantial harm or inconvenience to any student, employee, or customer.

The purpose of this plan is to:

  • Identify the risks that may threaten Sensitive Information maintained by Nevada State College;
  • Designate individual(s) responsible for coordinating the plan;
  • Establish and maintain a safeguards program;
  • Establish and maintain an incident response plan;
  • Adjust the plan to reflect changes in technology, sensitive information, or threats related to information security.

DEFINITIONS

Data Owner: An individual, entity, or office that is authorized to collect, view, or manage the data.

Sensitive Information: Any information or data associated with an individual that is considered personal or confidential, including but not limited to Social Security Numbers, individually-identifiable health information, education records, non-public information, and data that is protected by Board policy, state, or federal law.

Third Party: Any individual or entity contracted by Nevada State College.

PROCEDURES

I. Identification of Risk to Sensitive Information

Nevada State College recognizes that it faces both internal and external risks regarding Sensitive Information. These risks include, but are not limited to:

  • Unauthorized access of Sensitive Information by someone other than the Data Owner;
  • Compromised system security which can result in unauthorized access to Sensitive Information;
  • Interception of Sensitive Information during transmission;
  • Loss of data integrity;
  • Physical loss of Sensitive Information in a disaster;
  • Corruption of data or systems;
  • Unauthorized access of Sensitive Information by employees;
  • Unauthorized access of Sensitive Information through hardcopy files or reports;
  • Unauthorized transfer of Sensitive Information through a Third Party.

II. Information Security Plan Coordinator

The appointed Information Security Officer, in cooperation with the Chief Information Security Officer at the Nevada System of Higher Education, is responsible for the implementation and maintenance of this policy.

III. Safeguards Program

A. Employee Management and Training: Upon selection for hire, background checks are conducted when deemed appropriate. During onboarding, each new employee who may handle or encounter Sensitive Information shall receive information security training highlighting the importance of confidentiality and protecting Sensitive Information.

B. Physical Security: Nevada State College has addressed physical security of Sensitive Information by limiting access to only those employees who have a business reason to know such information and requiring acknowledgement of the requirement to keep Sensitive Information private.

C. Information Systems: Information systems housing Sensitive Information shall be secured behind network firewalls, physically accessible only to key personnel, electronically accessible only via controlled access, kept up-to-date with security patches, backed up on a routine basis, and shall transmit Sensitive Information in a secured manner such as via encrypted channels. Additionally, Nevada State College will maintain systems to prevent, detect, and respond to attacks or intrusions. This includes maintaining anti-virus protection, a network intrusion detection/alert system, and tools to secure systems in the event of a breach.

D. Selection of Service Providers: In the process of selecting a service provider that will maintain or regularly access Sensitive Information, the evaluation process shall include the ability of the service provider to safeguard such data. Contracts with service providers should also include the following provisions:

    1. A stipulation that the Sensitive Information will be held in strict confidence and accessed only for the explicit business purpose of the contract;
    2. An assurance from the contract partner that the partner will protect any Sensitive Information it receives.

IV. Incident Response Plan

Nevada State College shall maintain an incident response plan. Per the incident reporting and response procedures, all suspected information security incidents must be reported as quickly as possible to the Office of Information & Technology Services. This includes, but is not limited to, security breaches, unintended exposure of Sensitive Information, suspected viruses or malware, or unauthorized requests for login information or Sensitive Information.

V. Evaluation and Adjustment

This information security plan will be subject to periodic review and adjustment due to constantly changing technology and evolving risks. The plan coordinator will recommend updates and revisions as necessary. It may be necessary to adjust the plan to reflect changes in technology, the definition of Sensitive Information, or internal/external threats to information security.

HISTORY

Revised 02/26/18