CCC Users and Systems that interact with payment card data are required to do so in compliance with PCI-DSS standards.
CCC engages with individuals and organizations in many varied capacities. These complex relationships can result in difficulty in accurately categorizing individuals. This document’s intent is to provide a standard list of terms that will be used throughout the ITS Security Policy documents and to avoid potential issues that could potentially arise due to the inconsistent use of the various terms.
Security Policy Complaint procedures
Terms and definitions of words and acronyms used in the CCC security policy
Security Policy Governing standards, policies, and guidelines
What constitutes a security violation at Clackamas Community College?
CCC shall operate an (ITS) Change Review Board (CRB) and enact an Information Technology Services Change Management Process (CMP).
This policy shall be subject to and superseded by applicable regulations and laws.
There are many components that make up the cyber-security defenses at CCC. However, at the core is the protection the perimeter of our network from external attacks and intrusions using firewall and supporting network technologies. This policy documents the core principles for the configuration and maintenance of our firewall infrastructure.
CCC’s Defense in Depth strategy seeks to prevent the intrusion and activation of malicious software, commonly referred to as “malware”. There are various types of malware and prevention may require different techniques and technologies. This policy seeks to protect the college, students, faculty, and staff from the adverse impact of malware infection.
Data encryption provides protections for the confidentiality and integrity of data. The use of symmetric, asymmetric, and hashing algorithms in accordance with industry best practices and/or applicable laws and regulations can prevent the loss of data or render it meaningless to an attacker. Public Key Infrastructure mechanisms provide a means for verifying ownership of data and a means of exchange for encryption private keys.
Personal network devices are computing devices that create unauthorized network extensions or provide monitoring of network traffic and includes, but is not limited to hubs, hot spots, packet sniffers, switches, routers, and wireless access points. These devices interfere with the normal functioning of CCC’s enterprise network architecture and have the potential to introduce unmanaged security vulnerabilities into the network. This policy strictly prohibits the insertion of unauthorized network
It is critical to respond and resolve security incidents as quickly and as effectively as possible to minimize the impact of the incident. It is impossible to anticipate every incident that may need to be responded to, so this policy aims to provide a framework for response activities that facilitate effective response actions.
Security controls shall be implemented for all technological resources in a manner appropriate to their intended purpose, level of exposure to physical access, and assessed risk.
The CIO shall implement a risk management program which shall reduce the information security risk exposure to a threshold acceptable to the CCC Executive Team. The risk management program shall comply with all applicable laws and regulations imposed upon CCC.
The advent of Cloud computing has created new and largely unsolved challenges for information security. As custodian of CCC’s critical data, CCC is legally liable for the protection of that data wherever it is stored. However, when data is stored in a Cloud system outside of CCC’s span of control – we cannot see, administer, restore, or protect that data.
The best that CCC can do is to ensure that any Cloud vendor we engage with has the appropriate information security controls
Clackamas Community College (CCC) instructors, for the purposes of teaching network, information security, software development, and other Information Technology Services curriculum may utilize a teaching environment known as a Sandbox Environment.
This policy shall be subject to and superseded by applicable regulations and laws.
The purpose of the Clackamas Community College (CCC) Acceptable Use Policy (AUP) is to establish acceptable practices regarding the use of CCC Technological Resources.
The purpose of the Clackamas Community College (CCC) Acceptable Use Policy (AUP) is to establish acceptable practices regarding the use of CCC Technological Resources.
CCC’s Information Security Policies to support the Security Goals