Information Security Standards
University Information Security is working with the University at large to develop an information security standards framework, based on the security principles of NIST (National Institute of Standards and Technology) and ISO (the International Organization for Standardization) 27001 & 27002.
These are standards designed to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a University Security Framework that will meet the unique business requirements of the University going forward.
Documentation Standards and process for the Information Security standards listed here.
Add comments in the GoogleDoc:
- Backup & Recovery of Data
- Backup & Recovery of Software, System Configuration
- Change Control
- Data Center
- Data Storage
- Physical Security for Backups
- Physical Security for Devices
- Security Patching
Email comments related to the following standards to firstname.lastname@example.org:
- Account Provisioning
- Information Security Awareness, Education and Training
- Log Management
- Management of End User Device
- Media Sanitization
- Operating System Access Control
- Technical Vulnerability Management
- User Administrative Privilege
- Virus/Malware Protection