91����

Purpose

To provide 91���� with guidance to develop and implement the appropriate protective safeguards to ensure the confidentiality, integrity, and availability of 91���� assets and information.

Policy

Security operations safeguard 91���� information assets that reside within the 91���� information system. These practices help identify threats and vulnerabilities and implement controls to reduce the overall risk to 91���� assets. 91���� exercises due care and due diligence by taking reasonable measures to protect its assets on an ongoing and continual basis.

Summary

• 91���� develops, documents and maintains baseline configurations for its information system and related components including standard software packages for all devices, current version numbers, patch information and so forth.
• 91���� requires Faculty and Staff to notify 91���� ITS when traveling to locations that the College deems to be of significant risk and will issue specially configured devices and system components to travelers to mitigate potential risk. Data residing on mobile devices will be protected as part of this.
• Only qualified and authorized individuals are permitted access for the purpose of changes or upgrades.
• A “deny-all, permit by exception” policy is employed to allow only the execution of authorized software on the 91���� system.
• A configuration management plan and system is maintained that will track configuration items including hardware and software through its lifecycle.

Security Operations Policy Details [pdf]