Faculty and Staff
- Read and understand the RIT Code of Conduct for Computer and Network Use and the RIT policy regarding Digital Copyright.
Make sure you understand and comply with all applicable standards.
Security Standards
Standard When does it apply? Desktop and Portable Computer Standard Always Password Standard Always Information Access & Protection Standard Always Computer Incident Handling Standard If the affected computer or device: - Contains RIT Confidential information
- Poses a threat to the Institute network
Portable Media Standard If you are storing RIT Confidential information (which includes personal identifying information or PII) on portable media, such as USB keys, CDs, DVDs, and flash memory. Web Security Standard If you have a web page at RIT, official or unofficial, and you: - Host or provide access to RIT Confidential or Operationally Critical information
- Use RIT authentication services
Signature Standard If you are sending out an e-mail, MyCourses, or Message Center communication relating to Institute academic or business purposes. This applies to both RIT and non-RIT e-mail accounts. Server Security Standard If you own or administer any production, training, test, or development server, and/or the operating systems, applications or databases residing on it. Network Security Standard If you own or manage a device that: - Connects to the centrally-managed Institute network infrastructure
- Processes RIT Confidential or Operationally Critical information
Authentication Service Provider Standard If you are providing authentication services on network resources owned or leased by RIT. All instances of non-compliance with published standards must be documented through the exception process.
- Find out more about how information security affects you by becoming a Fan of the RIT Information Security Facebook page and joining the RIT Information Security Digital Self Defense Facebook Group.
- Follow us on Twitter for updates on current threats.
Information Handling
Visit the IAP Resource Center to find best practices for information handling and resources for constructing and managing an IAP Plan.
| Information Handling Quick Links | |
|---|---|
| Digital Self Defense 103 - Information Handling | Covers important security issues at RIT and best practices for handling information safely. |
| Legal Responsibilities and Information Handling at RIT | Learn about external information handling requirements at RIT. |
| Disposal Recommendations | How to safely dispose of various types of media to ensure RIT Confidential information is destroyed. |
| Recommended and Acceptable Portable Media | List of recommended and acceptable portable media devices (such as USB keys, CDs, DVDs, and flash memory). |
| Recommended and Acceptable Mobile Devices | List of recommended and acceptable mobile devices (such as smart phones - e.g. a Blackberry). |
| VPN | Recommended for wireless access to RIT Confidential information. |
| E-mail at RIT | Improve the security of your e-mail at RIT. |
Digital Self Defense
Visit our Digital Self Defense page to find security resources and safe practices and to see our schedule of upcoming workshops.
| Keeping it Safe - Practicing Digital Self Defense | |
|---|---|
| Essentials | Free downloads and instructions to support the Desktop and Portable Computer Standard. |
| Phishing | Learn how to recognize these common online scams. |
| Web Browsing Safely | Learn about the different web browsers available, add-ons that can improve security, and how to browse using limited account privileges. |
| Identity Theft | The number one FTC complaint for nine consecutive years. Nearly 50% of all cases occur in the 30-49 age group. |
| Safe Blogging and Social Networking | Learn how much information is too much and how to protect yourself on social networking and blogging sites. |
| Safe Online Shopping and Banking | How to use these popular online services securely. |
| Wireless Networking | Learn about wireless networking at RIT, at home, and on public networks; and the potential dangers you face. |
Exceptions
The Information Security Office has provided a method for obtaining an exception to compliance with the published security standards.
Questions
If you have questions or feedback about specific information security requirements, please contact us.
