RIT INFORMATION SECURITY
RIT ensures that information is available to the RIT community, protected commensurate with its value, and administered in conformance with federal and state law. Reasonable measures are taken to protect these assets against accidental or unauthorized access, disclosure, modification or destruction, as well as to reasonably assure the confidentiality, integrity, availability, and authenticity of information. Reasonable measures are also taken to reasonably assure the availability, integrity, and utility of information systems and the supporting infrastructure, in order to protect the productivity of members of the RIT community in pursuit of the RIT mission, as the policy stipulates.
Types of RIT Information Security Policy
The EISP (Enterprise Information Security Policy), which includes the Information Security Policy as a component, allows RIT to take rational methods to protect information and computing resources in a period that is dependent on electronic media. It ensures that the information assets conform to federal and state laws and are protected and readily available to the RIT community.
It also adapts the required security measures to prevent unauthorized access to RIT's information assets and to ensure the availability and integrity of these assets, which will ultimately help toward achieving the common goal of the institution.
The Plain English Guide to the Information Security Policy explains and illustrates the Policy and is provided as an aid to help you understand and implement the requirements of the Policy, as it is authoritative and takes immediate effect.
The RIT Code of Conduct for Computer and Networks facilitates the provision of information about all computing and network resources. It helps users reflect academic honesty and good judgment in the use of shared resources and observe ethical and legal guidelines. The document outlines user privileges and responsibilities for access to a wide variety of on- and off-campus resources. Users are required to act in the most acceptable ethical manner, and duties and obligations are imposed on them. The policy includes brief definitions of these technological subsystems to avoid ambiguity. The defined terms are: ordinary user, authorized university user, university computing resources, university network and network connections, system access, system owner, network admin, and secure systems.
We have understood that the Issue Specific Security Policy (ISSP) guides the organization on how to securely use specific technologies. It enforces that computer or network equipment be accessed only by authorized personnel.
RIT’s EISP and Security Standards
Through the analysis of the EISP we have seen clearly that a policy documents a clear solution for how to handle certain predetermined occurrences, especially in terms of security at RIT. However, Security Standards are no different from the policy; they help the community in which they are set to implement the stipulated policies.
List of RIT’s Security Standards
Desktop and Portable Computer Standard – (procedural and technical) protects the RIT community from computer threats and theft. It presents the minimum security requirements for any desktop or laptop that is connected to the RIT network.
Password – (procedural) sets the minimum requirements for password complexity and usage.
Information Access and Protection Standard – (procedural and technical) ensures that RIT’s information is handled appropriately during its lifecycle in terms of creation, transfer, storage and disposal.
Portable Media – (procedural) provides the minimum requirements for transferring or storing RIT’s confidential information on portable devices such as discs.
Computer Incident Handling Standards – (procedural and technical) addresses the steps that need to be followed to handle and resolve computer incidents.
Signature Standard – (procedural) specifies the standards for signature elements when using RIT’s communication facilities.
Authentication Service Provider Standard – (technical) provides information to assist RIT’s Information Security personnel in maintaining security.
Web Security Standard – (technical) provides the minimum requirements, configurations and documentation to prevent, protect and respond on web servers.
RIT’s GOVERNANCE PROCESS
The process for Information Security Standards is essentially a filtering process. Once a policy is introduced, the various departments and their officials set about outlining the governing standards for the policy. The team of officers must recognize the need for certain standards for a particular policy and table them for scrutiny and evaluation, in order to arrive at the best standards, ones that suit all. The image below shows the process at RIT for coming up with security standards.
Security is a major concern to all institutions in most parts of the world, and if information is not handled with the care it deserves, it may end up being meaningless. The need for better security arises every day, and this brings our attention to improved information systems that are most reliable and effective. In terms of networks, wireless networks are known to provide a more secure connection than wired networks. Wireless networks have various types of security, such as use of the computer's MAC address. The use of the MAC address identifies the specific computer connected to the network as a registered connection. I would suggest that instead of using wired connections, RIT implement wireless connections for computers, which are more secure.
Registration of computer serial numbers with the RIT Information Security department would greatly reduce computer handling issues.
RIT is an institution that I would say has been at the forefront of emphasizing Information Security, which is a very important aspect of today's society. It has helped the institution keep and maintain its core values and achieve its mission. Citing RIT as an example, let all other organizations be the first to end corruption of information and all other security vices by taking the proper actions in security provision.