Faculty/Staff

Requirements for Faculty/Staff

All RIT faculty and staff are required to read, understand, and comply with the RIT Code of Conduct for Computer and Network Use and the RIT policy regarding Digital Copyright. Administrators should visit the Resources page for implementation, configuration, guidelines, and best practices.

Security Standards

Standard	When does it apply?
Desktop and Portable Computer Standard	Always
Password Standard	Always
Information Access & Protection Standard	Always
Cyber-Security (Computer) Incident Handling Standard	Always
Portable Media Standard	If you are storing private or confidential information on portable media, such as USB keys, CDs, DVDs, and flash memory. If you must store private information on portable media, the media must be encrypted.
Web Security Standard	If you have a website at RIT, official or unofficial, and you: Own, administer, or maintain an official RIT web page that hosts or provides access to private or confidential Information. Use RIT authentication services
Signature Standard	If you are sending out an e-mail, MyCourses, or RITmail communication relating to university academic or business purposes. This applies to both RIT and non-RIT email accounts.
Server Security Standard	If you own or administer any production, training, test, or development server, and/or the operating systems, applications or databases residing on it.
Network Security Standard	If you own or manage a device that: Connects to the centrally-managed university network infrastructure Processes RIT Confidential or Operationally Critical information
Account Management	If you create or maintain RIT computer and network accounts. Managers reporting changes in access privileges/job changes of employees.
Solutions Life Cycle Management	RIT departments exploring new IT services (including third-party and RIT-hosted, and software as a service) that meet any one or more of the following: Host or provide access to private or confidential information Support a Critical Business Process
Disaster Recovery	For business continuity and disaster recovery. Applies to any RIT process/function owners and organizations who use RIT information resources. NOTE: The “in compliance by” date for this standard is January 23, 2016.

All instances of non-compliance with published standards must be documented through the exception process.

Information Handling Quick Links

Link	Overview
Digital Self Defense 103 - Information Handling	Covers important security issues at RIT and best practices for handling information safely.
Disposal Recommendations	How to safely dispose of various types of media to ensure RIT Confidential information is destroyed.
Recommended and Acceptable Portable Media	List of recommended and acceptable portable media devices (such as USB keys, CDs, DVDs, and flash memory).
Mobile Device Usage Recommendations	Recommendations for mobile device usage at RIT
VPN	Recommended for wireless access to RIT Confidential information.

Questions

If you have questions or feedback about specific information security requirements, please contact us.