Barton Security Policy Wiki
Consult the User's Guide for information on using the wiki software.
Policy Wiki Purpose
The purpose of this Wiki is to spur discussion and to achieve consensus on the topics of Security Policy and Regulatory Compliance.
- Weigh in on Policy Topics below.
Things to remember:
- We're all on the same team. We all work for Barton and Barton works for our students.
- Everyone has a mission to accomplish and ALL of our individual missions add up to the College Mission. **Use the Discussion tab to make your needs known.
What not to do: **Don't panic.
- Don't forget that Security Policy has to work for everyone and allow all of us to accomplish our mission and to further the College's Mission.
- Don't forget that we're all colleagues and friends. If someone disagrees with you, remember that they're trying to accomplish their mission too.
Information Risk Management
College-Owned Computing Assets
Authorization and Access Control
Security Awareness, Training and Education
Network and Systems Access
Privacy Impact Assessment and Management
Capital Planning and Investment Control
Data and Information Management
Outsourcing, Cloud Computing and Third Party Providers
Payment Card Industry Compliance
Contingency, Business Continuity and Disaster Recovery Planning
Information Disclosure, Law Enforcement and Subpoena
Incident Identification, Declaration, Reporting and Handling
Configuration and Patch Management
Media Sanitization and Disposal
Security Plan Management
Physical Access and Security
Router, Switch, Wireless Access Point and PBX Management
Printer and Printed Media Management
Security Architecture Framework
Certification and Accreditation of Systems
Vulnerability Scanning and Vulnerability Assessment
Firewall and Perimeter Security Systems
Information Systems Security Audit
Systems Development Lifecycle
Intrusion Detection, Log Aggregation and Intra-Network Security Systems
The National Institute of Standards and Technology (NIST):
NIST Special Publication 800-16:
Information Technology Security Training Requirements: A Role- and Performance- Based Model
NIST Special Publication 800-50:
Building an Information Technology Security Awareness and Training Program