ITS Security Policy

Clackamas Community College Information Technology Services Security Policy

Articles (10)

ITS Security Policy 000 – Security Policy Governing standards, policies, and guidelines

Security Policy Governing standards, policies, and guidelines

ITS Security Policy 105 Firewall, Router, and Switch Administration

There are many components that make up the cyber-security defenses at CCC. However, at the core is the protection of the perimeter of our network from external attacks and intrusions using firewall and supporting network technologies. This policy documents the core principles for the configuration and maintenance of our firewall infrastructure.

ITS Security Policy 107 Anti-Malware

CCC’s Defense in Depth strategy seeks to prevent the intrusion and activation of malicious software, commonly referred to as “malware”. There are various types of malware and prevention may require different techniques and technologies. This policy seeks to protect the college, students, faculty, and staff from the adverse impact of malware infection.

ITS Security Policy 109 Encryption

Data encryption provides protections for the confidentiality and integrity of data. The use of symmetric, asymmetric, and hashing algorithms in accordance with industry best practices and/or applicable laws and regulations can prevent the loss of data or render it meaningless to an attacker. Public Key Infrastructure mechanisms provide a means for verifying ownership of data and a means of exchange for encryption private keys.

ITS Security Policy 110 Personal Network Devices

Personal network devices are computing devices that create unauthorized network extensions or provide monitoring of network traffic and include, but are not limited to, hubs, hot spots, packet sniffers, switches, routers, and wireless access points. These devices interfere with the normal functioning of CCC’s enterprise network architecture and have the potential to introduce unmanaged security vulnerabilities into the network. This policy strictly prohibits the insertion of unauthorized network

ITS Security Policy 112 Incident Response

It is critical to respond to and resolve security incidents as quickly and as effectively as possible to minimize the impact of the incident. It is impossible to anticipate every incident that may need to be responded to, so this policy aims to provide a framework for response activities that facilitate effective response actions.

ITS Security Policy 113 Physical Access

Security controls shall be implemented for all technological resources in a manner appropriate to their intended purpose, level of exposure to physical access, and assessed risk.

ITS Security Policy 114 Information Security Risk Management

The CIO shall implement a risk management program which shall reduce the information security risk exposure to a threshold acceptable to the CCC Executive Team. The risk management program shall comply with all applicable laws and regulations imposed upon CCC.

ITS Security Policy 115 Cloud and Infrastructure Services

The advent of Cloud computing has created new and largely unsolved challenges for information security. As custodian of CCC’s critical data, CCC is legally liable for the protection of that data wherever it is stored. However, when data is stored in a Cloud system outside of CCC’s span of control – we cannot see, administer, restore, or protect that data.
The best that CCC can do is to ensure that any Cloud vendor we engage with has the appropriate information security controls

ITS Security Policy 117 Education and Training Sandbox Environments

Clackamas Community College (CCC) instructors, for the purposes of teaching network, information security, software development, and other Information Technology Services curriculum may utilize a teaching environment known as a Sandbox Environment.

This policy shall be subject to and superseded by applicable regulations and laws.