Date Established: -
Date Last Revised: 8/12/2011
Category: Information Technology
Responsible Office: Office of the Chief Information Officer
Responsible Executive: Chief Information Officer
The NY State Information Security Policy sets forth the minimum requirements, responsibilities, and accepted behaviors to establish and maintain a secure environment and achieve the State's information security objectives. These modifications adjust the NY State policy for UB’s higher education environment.
A university environment is inherently open by nature, providing equal access to knowledge, with free exchange of ideas. Ownership of a university IT infrastructure is also more complex than that of other state entities, since departments and individuals within universities purchase IT infrastructure with external funding and develop web content, and students connect personally-owned devices to the university network and post web content. Unlike corporations and many state entities, "rule by edict" is not a realistic governance principle. The SANS Institute 1 (Templeton, 2005) has described the needs of a university environment as follows:
The NY State Information Security Policy, based on ISO17799 standards, developed for state entities but not mandated for SUNY institutions, is a comprehensive information security policy, but requires some modifications to be appropriate for an open network environment like that of a university.
This policy applies to all university information technology devices and data regardless of their medium and/or form, and to all those who handle university information (faculty, staff, students, third party contractors, and any others).
The Chief Information Officer or his designee will periodically review and update this policy as needed. Questions concerning this policy should be directed to the Office of the Associate VP for Information Technology.
Violations of this policy will result in appropriate disciplinary measures in accordance with University policies, applicable collective bargaining agreements, and state and federal laws.
|Information Security Officeremail@example.com |