Office of Information Security

100 Information Security Program

| Requirement | All Users | System Owners | System Custodians/Administrators | Departments, Schools, Units |
|---|---|---|---|---|
| The OIS will manage, approve, or deny exception requests (p. 3). | ✔ | ✔ | | ✔ |
| Data and information will be classified appropriately (p. 3). | ✔ | ✔ | ✔ | ✔ |
| Systems will be classified according to criticality and constituent information (p. 5). | | ✔ | ✔ | |
| System-access permissions will be regularly monitored and documented (p. 5). | | ✔ | ✔ | |
| The implementation, status, and effectiveness of security controls will be continuously monitored and documented (p. 3). | | | | ✔ |
| An ongoing inventory of information assets will be maintained (p. 3). | | | | ✔ |
| Individuals with applicable information security roles must regularly monitor and document system-access permissions (p. 5). | | | ✔ | |
| Basic information security training (p. 6). | ✔ | | | ✔ |
| Targeted and role-based training for regulatory requirements (p. 6). | ✔ | | | ✔ |
| A record of training is maintained (p. 7). | | | | ✔ |

Summary of Policy

Roles and Responsibilities (100.01)

Descriptions of these roles and responsibilities may be found in the dedicated section in the full text of the policy.

Information Security Governance and Compliance (100.02)

Information security governance relates to who is authorized to make security decisions, the framework for creating accountability and oversight, and ensuring that our overarching security strategy aligns with our institutional mission while meeting regulatory requirements. The OIS determines a minimum set of requirements for the security of our information systems and the data that our organization stores, processes, and transmits.

Asset Inventory (100.03)

The OIS evaluates assets in terms of criticality to our organizational operations and assigns controls accordingly.

Data, Information, and System Classification (100.04)

Data and information created, stored, and transmitted by the WashU community are classified as 1) Public, 2) Confidential, 3) Protected, or 4) Controlled Unclassified Information (CUI). Refer to data classification for more information about the four categories.

When classifying a collection of information or data, the most restrictive classification of any of the individual data elements should be used.

Individuals with applicable information security roles must regularly monitor and document system-access permissions.

Information Security Controls Plan (100.05)

The OIS assigns security controls commensurate with risk and according to the classification of data, information, and systems.

Communications, Training, and Awareness (100.06)

In addition to internal communications, the OIS shares information with the wider information security community and external stakeholders to develop broader situational awareness of cybersecurity.

The OIS maintains a security awareness training program to facilitate compliance with policies, regulations, and the classification of information and its security.
The OIS develops training curricula in-house and through third-party services. A record of training completion is maintained in a centralized learning management system or in department/school files.

Awareness activities focus on applying security best practices and controls specified by NIST, ISO, The Center for Internet Security (CIS), and regulatory agencies.

Full Text of Policy

Policy 100 Information Security Program

The policy is the foundation of the policy library. It establishes the charge and mission of the Office of Information Security (OIS) to protect the Confidentiality, Integrity, and Availability (CIA) of information resources at Washington University in St. Louis (WashU).

Related Information

200 Information Security Classification, Labeling, and Handling

This standard defines classification categories and control zones for data, information, and systems at Washington University in St. Louis (WashU).

Office of Information Security
Mailing Address: Campus Box 8218 | 660 S. Euclid Ave. | St. Louis, MO 63110
Phone: 314-747-2955
Email: [email protected]
©2024 Washington University in St. Louis
