Main Page

Barton Security Policy Wiki

Consult the User's Guide for information on using the wiki software.

Getting started

Policy Wiki Purpose

The purpose of this Wiki is to spur discussion and to achieve consensus on the topics of Security Policy and Regulatory Compliance.

  • Weigh in on Policy Topics below.

Things to remember:

  • We're all on the same team. We all work for Barton and Barton works for our students.
  • Everyone has a mission to accomplish and ALL of our individual missions add up to the College Mission.
  • Use the Discussion tab to make your needs known.

What not to do:

  • Don't panic.
  • Don't forget that Security Policy has to work for everyone and allow all of us to accomplish our mission and to further the College's Mission.
  • Don't forget that we're all colleagues and friends. If someone disagrees with you, remember that they're trying to accomplish their mission too.

Policy Topics:

Information Risk Management

Acceptable Use

College-Owned Computing Assets

Non-College-Owned Systems

Authorization and Access Control

Security Awareness, Training and Education

Network and Systems Access

Privacy Impact Assessment and Management

Capital Planning and Investment Control

Data and Information Management

Outsourcing, Cloud Computing and Third Party Providers

Payment Card Industry Compliance

Contingency, Business Continuity and Disaster Recovery Planning

Information Disclosure, Law Enforcement and Subpoena

Incident Identification, Declaration, Reporting and Handling

Information Classification

Configuration and Patch Management

Media Sanitization and Disposal

Security Plan Management

Physical Access and Security

Server Management

Router, Switch, Wireless Access Point and PBX Management

Printer and Printed Media Management

Security Architecture Framework

Certification and Accreditation of Systems

Vulnerability Scanning and Vulnerability Assessment

Firewall and Perimeter Security Systems

Information Systems Security Audit

Systems Development Lifecycle

Intrusion Detection, Log Aggregation and Intra-Network Security Systems

Training References:

The National Institute of Standards and Technology (NIST):

NIST Special Publication 800-16:

Information Technology Security Training Requirements: A Role- and Performance-Based Model

NIST Special Publication 800-50:

Building an Information Technology Security Awareness and Training Program

Metrics

Security Metrics
