Security Operations Policy

Purpose

To provide 色中色 with guidance to develop and implement the appropriate protective safeguards to ensure the confidentiality, integrity, and availability of 色中色 assets and information.

Policy

Security operations safeguard 色中色 information assets that reside within the 色中色 information system. These practices help identify threats and vulnerabilities and implement controls to reduce the overall risk to 色中色 assets. 色中色 exercises due care and due diligence by taking reasonable measures to protect its assets on an ongoing and continual basis.

Summary

  • 色中色 develops, documents and maintains baseline configurations for its information system and related components including standard software packages for all devices, current version numbers, patch information and so forth.
  • 色中色 requires Faculty and Staff to notify 色中色 ITS when traveling to locations that the College deems to be of significant risk and will issue specially configured devices and system components to travelers to mitigate potential risk. Data residing on mobile devices will be protected as part of this.
  • Only qualified and authorized individuals are permitted access for the purpose of changes or upgrades.
  • A 鈥渄eny-all, permit by exception鈥 policy is employed to allow only the execution of authorized software on the 色中色 system.
  • A configuration management plan and system is maintained that will track configuration items including hardware and software through its lifecycle.

Security Operations Policy Details [pdf]