Updated 2016-10-07 08:40:09
Updated 2016-10-07 08:46:58This article provides links to Information Security Policies and Standards as defined by the CSU and Sacramento State.
Updated 2016-10-07 08:40:00The California State University defines three levels of data sensitivity, Level 1 (Confidential), Level 2 (Internal Use), and Level 3 (General), and has associated graduated levels of safeguards afforded to the level of sensitivity.
Updated 2016-10-07 08:40:00Change management refers to the process for controlling and maintaining security when changes are made to the configuration or operation of a device or application. All changes and additions must be made using an orderly process that carefully considers possible security compromises that may be introduced.
Updated 2016-10-07 08:40:05The Access Control Standard the the technical implementation of the CO access control policy, and establishes the means by which access to confidential information will be limited only to authorized users and those who need such access to complete their work as a faculty member, staff member, or student.
Updated 2016-10-07 08:40:07A detailed vulnerability report will be provided for system(s) that you own or maintain. This is based on our normal monthly scans unless otherwise requested.
Updated 2016-10-07 08:39:47This article provides information about the Identity Finder application, which is a tool provided to all faculty and staff to help protect student and other sensitive data.
Updated 2016-10-07 08:39:45All application and web development involving handling of wither Level 1 and 2 data or access to data from off-campus must be in compliance with the following standards and procedures. All contracts for services involving application and web development involving either handling of Level 1 and 2 data or access to data from off-campus must also comply, prior to completion of initial contracting. All application and web developers are encouraged to consult with the Information Security Office prior to beginning such web or application development or contracting. Applications and websites handling Level 1 data may not be deployed prior to approval by the Information Security Officer.
Updated 2016-10-07 08:39:53Setting up a Passphrase can help you secure your information better and is usually easier to remember that a cryptic password.
Updated 2016-10-07 08:40:04Information security incidents involving criminal acts or actions that you feel pose an immediate threat to personal safety or the privacy of confidential data should be reported to the University Police at extension 86851 or by calling 911.
Updated 2016-10-07 08:40:11This article provides instructions for updating your course training records for courses completed at another Caflironia State University campus.
Updated 2016-10-07 08:39:54The goal of security controls is ensuring a continual focus on support of access to education, excellence in teaching and learning, student success, and cost-effective administrative services at Sacramento State.
Updated 2016-10-07 08:46:58This is a policy article providing information on the Health Insurance Portability and Accountability Act of 1996 (HIPAA), which Sacramento State staff members are required to learn.
Updated 2016-10-07 08:40:06The Common Access Request System (CARS) is a web-based form management and workflow client. With CARS, you will be able to electronically submit, view, and manage CMS and CFS security request forms. This article provides a tutorial on using CARS to submit these types of request.
Updated 2016-10-07 08:39:54
Updated 2016-10-07 08:39:48
Updated 2016-10-07 08:46:59
Updated 2016-10-07 08:39:59Assets that are in scope are defined as workstations, servers, network infrastructure device, removable media, personal devices, device terminals, cabinet, safe, room, and physical and electronic storage.
Updated 2016-10-07 08:39:47This articles provides documentation, templates, and guides for PCI asessment and training.
Updated 2016-10-07 08:39:48
Updated 2016-10-07 08:39:44This article provides instructions on submitting CARS requests for POI staff/auxiliary staff access to CMS and CFS.
Updated 2016-10-07 08:39:55
Updated 2016-10-07 08:39:46Sacramento State retains ownership or stewardship of all campus data and reserves the right to limit access to this information and to use appropriate means to safeguard this information. In particular, all Level 1 and Level 2 data (see Data Classification Standard) must be released and handled in a manner authorized by valid data owners/managers. The following steps describe the process that must be followed when requesting authorization to use Level 1 and/or Level 2 data outside the campus data owner/manager's control.
Updated 2016-10-07 08:39:46This article provides compliance information for vendors or business entities who process credit cards at Sacramento State.
Updated 2016-10-07 08:39:43
Updated 2016-10-07 08:40:06To provide a common set of methodologies and requirements to standardize vulnerability scans on campus systems, applications, and networking infrastructure.
Updated 2016-10-07 08:40:04
Updated 2016-10-07 08:40:06Request that additional restrictive procedures and technical controls be imposed on a workstation in order to decrease the workstation's exposure to data loss and malicious software.
Updated 2016-10-07 08:39:55The campus network is critical in supporting the mission of the University and campus standards are imposed to ensure the availability, integrity and confidentiality of network services.
Updated 2016-10-07 08:39:55Coordinate the authorization and implementation for system-to-system data flow and/or storage.
Updated 2016-10-07 08:40:04All confidential data stored on computers or other devices must be properly disposed of and/or protected when computers and devices are removed from service and/or re-purposed. The disposal or repurposing process must identify all Level 1 and Level 2 data present, utilize the disposal and repurposing processes indicated below, log the disposal and repurposing process, and make logs available for review by the ISO or his designee(s). All disposed computers and other devices must be certified to be free of level 1 and level 2 data, prior to disposal.
Updated 2016-10-07 08:46:59No reputable institution will ask you to submit your login, password, or credit card information through email or a link in email. Clicking on the links in the message may lead to deceptive websites designed to look like a legitimate site, or may link to websites that infect your computer with viruses and other malicious software. Delete suspicious messages immediately. Do not click on any links in the message. Do not open any attachments, as they may contain viruses or other malware.
Updated 2016-10-07 08:39:44
Updated 2016-10-07 08:45:50Information security is everyone's responsibility. If we all do our part, we may be able to lessen the risks to campus data and computing resources. Here are seven practices you can follow to better protect yourself and the University.
Updated 2016-10-07 08:39:44
Updated 2016-10-07 08:39:46
Updated 2016-10-07 08:39:54What you need to know about sharing music, movies, and more. There can be grave consequences for those who engage in illegal sharing of copyrighted material. This FAQ is meant to help you understand what is legal and what isn't.
Updated 2016-10-07 08:39:49This document describes the three levels of data classification that the University has adopted regarding the level of security placed on the particular types of information assets.The three levels described below are meant to be illustrative, and the list of examples of the types of data contained below is not exhaustive.Please note that this classification standard is not intended to be used to determine eligibility of requests for information under the California Public Records Act or HEERA.These requests should be analyzed by the appropriate legal counsel or administrator.
Updated 2016-10-07 08:40:04Processing preserved data at the direction of University Counsel and Human Resources.
Updated 2016-10-07 08:40:00
Updated 2016-10-07 08:40:05This article provides instructions for managing your Identity Finder search results and handling any found Level 1 data.
Updated 2016-10-07 08:39:55This article contains frequently asked questions regarding viruses and malware that can afflict computers.
Updated 2016-10-07 08:39:51Locate Leve 1 data on your systems by requesting an on-demand Identity Finder scan and report. Reports of found Level 1 data will be sent to either the requestor or user for mitigation of artifacts.
Updated 2016-10-07 08:39:43To provide direction to Sacramento State managers and members on the process by which computer security incidents are handled and managed within existing CSUS direction.
Updated 2016-10-07 08:40:03
Updated 2016-10-07 08:39:49This standards document is to outline the processes by which information security risk management is conducted at Sacramento State.
Updated 2016-10-07 08:40:06Requesting urgent and time-sensitive PeopleSoft-Oracle (CMS/CFS) security requests. These requests will be followed up with a formal CARS request.
Updated 2016-10-07 08:40:07Conduct a vendor or contract service assessment. Identify Information Security issues and recommend changes.
Updated 2016-10-07 08:40:04The law has long required all parties to preserve evidence that may be relevant to a dispute, even before a lawsuit is filed. Because much communication is now electronic, the courts have adapted the requirement to preserve evidence specifically to apply to electronic information. The courts have also ruled that the doctrine of "litigation holds" applies equally to electronic and hard copy information.
Updated 2016-10-07 08:39:59If a staff or faculty user already is approved and granted access but it is not working, please submit a service ticket. Typically cause by upgrades or seasonal requirements. Resolve PeopleSoft-Oracle security related functional issues.
Updated 2016-10-07 08:39:45Sacramento State has classification levels that are referred to as level 1, level 2, and level 3 data. This article provides detailed descriptions and examples on what constitutes each data level.
Updated 2016-10-07 08:40:12The process in which users sign and obtain the security training policy acknowledgement has changed. Instead of being presented with a pop-up window, the policy now appears in the same window.
Updated 2016-10-07 08:39:47
Updated 2016-10-07 08:40:06Collection of data with preservation of integrity, under the direction of University Counsel and Human Resources.
Updated 2016-10-07 08:39:45This standards document is to clarify the role and practices of Domain Administrators and other privileged accounts.
Updated 2016-10-07 08:40:12Users have reported various browser and system related issues regarding the online Skillport Data Security & Privacy Training (DSPT). This article details those issues and provides troubleshooting steps for resolving them.
Updated 2016-10-07 08:39:59This article contains the email that was sent all university staff and faculty regarding the release of Identity Finder.
Updated 2016-10-07 08:39:44This article defines what information technology abuse and if it occurs, how to report it.
Updated 2016-10-07 08:40:05This article provides instructions for running a scan for Level 1 data in Identity Finder.