The Office of Information Technology manages several University policies, standards, and guidelines.
The purpose of this policy is to establish minimum criteria for acceptable use of information systems.
The purpose of this policy is to mandate requirements for access management controls across the technological environment. This policy will aid the University in managing access to its information systems.
This policy describes secure practices for use of cloud software and storage services. It also highlights security risks introduced by storing sensitive data in the cloud and mandates the protection of data stored by Cloud Service Providers with appropriate technological controls.
The purpose of this policy is to define the risk-based approach for the categorization of data assets. This policy describes categories to which all of the data types should be mapped to help protect data in a consistent and appropriate manner.
The purpose of the Incident Response Policy is to mandate Incident Response activities. Incident Response activities must be driven by a framework to respond quickly, decisively, and appropriately to an incident.
Threat and Vulnerability Management
The purpose of this policy is to establish guidance around Threat and Vulnerability activities. This policy outlines requirements for identification, assessment, and mitigation of threats to systems, and vulnerabilities within those systems. This document mandates the operational procedures required, including vulnerability scanning and assessment, patch management, and threat intelligence gathering.