Sacramento State - Information Resources & Technology  

The systemwide standards were developed to support the CSU Information Security Policy. The following chart describes the relationship between the standards described in this document and the systemwide information security policy.

(Note to Reviewers: This section may be significantly revised.  At this point, the information provided below is intended as background for the review process.)

Security Policy Topic
    Potential Standards

Information Security Roles & Responsibilities
    Description of Duties for:
        Campus President
        Campus Information Technology Administrator
        Information Security Officer

Risk Management
    Risk Management / Assessment

Personnel Security
    Termination and Position Change
    Personnel Vetting

Privacy
    Web Site Privacy

Security Awareness and Training
    Content
    Awareness and Training Activities

Third Party Services Security
    Third Party Use of CSU Resources
    Contracted Relationships

Information Technology Security
    Network Controls Management
    Remote Access
    Mobile Device Management
    Boundary Protection and Isolation
    Malicious Software Protection
    Wireless Access Points
    Logging Elements

Configuration Management and Change Control
    Change Management
    Baseline Management

Access Control
    User Account Credentials Management
    Password Management
    Encryption
    User Privilege Authorization and Management

Asset Management
    Data Classification
    Data Handling
    Data Retention
    Data Disposal
    Clean Desk

Management of Information Systems
    Development Management
    Web Application Coding
    Life Cycle Management

Information Security Incident Management
    Evidence Collection
    Reporting

Physical Security
    Security Zones
    Secured Entrance
    Secured Infrastructure
    Viewing Controls
    Data Center Access

Business Continuity and Disaster Recovery
    (See Applicable EO)

Legal and Regulatory Compliance
    PCI
    HIPAA