�鶹Ӱ��

Purpose

To provide �鶹Ӱ�� with guidance to develop and implement the appropriate protective safeguards to ensure the confidentiality, integrity, and availability of �鶹Ӱ�� assets and information.

Policy

Security operations safeguard �鶹Ӱ�� information assets that reside within the �鶹Ӱ�� information system. These practices help identify threats and vulnerabilities and implement controls to reduce the overall risk to �鶹Ӱ�� assets. �鶹Ӱ�� exercises due care and due diligence by taking reasonable measures to protect its assets on an ongoing and continual basis.

Summary

• �鶹Ӱ�� develops, documents and maintains baseline configurations for its information system and related components including standard software packages for all devices, current version numbers, patch information and so forth.
• �鶹Ӱ�� requires Faculty and Staff to notify �鶹Ӱ�� ITS when traveling to locations that the College deems to be of significant risk and will issue specially configured devices and system components to travelers to mitigate potential risk. Data residing on mobile devices will be protected as part of this.
• Only qualified and authorized individuals are permitted access for the purpose of changes or upgrades.
• A “deny-all, permit by exception” policy is employed to allow only the execution of authorized software on the �鶹Ӱ�� system.
• A configuration management plan and system is maintained that will track configuration items including hardware and software through its lifecycle.

Security Operations Policy Details [pdf]