 |
| Introduction and Scope Supplemental Policy |
Number: 8000.0 Revised: August 15, 2010 |
8000.100 Introduction
These information security policies augment the latest version of the CSU Information Security Policy previously adopted by Sacramento State, but neither supplant nor diminish that policy. The supplemental policies are specifically responsive to the information security audit results reported to Sacramento State in December, 2009. The intent of these supplemental policies is to protect the campus from the risks associated with information security breaches, while at the same time maintaining campus access to essential information technology functions and services. The application of these policies should therefore consistently consider how required information security controls can be implemented with minimal effect on user services. Whenever feasible, user input and collaboration should be obtained prior to the application of these policies to specific information security incidents.
8000.200 Scope
These supplemental policies have the same scope as cited in the Integrated CSU Administrative Manual, Information Security Policy scope statement.
This supplemental policy adds delegation to the Information Security Officer and Vice President and Chief Information Officer, under the authority of the President, of all needed authority for evaluation, enforcement and implementation of all information security policies and practices campus-wide. The specific aspects of this delegated authority are delineated below. It is the responsibility of campus executive management to execute the obligations required by this policy as well as its Standards, Processes, and Guidelines.
These policies and their attachments delineate the specific practices and procedures required to manage campus-wide information security risk at Sacramento State. Any risk acceptance or exceptions or non-compliance related to such information security policies and practice must be reviewed, documented and approved only through the campus Risk Acceptance and Exception Process.
Back to to Sacramento State Information Security Policy Website