In today’s constantly-evolving technology landscape, cyber threats have a more profound impact than ever. Penn State has been targeted by foreign intelligence agencies and cyber criminals with similar capabilities. In response, the Office of Information Security has developed sound strategies to manage this ongoing risk with minimal impact on teaching, research, and service.
University Policy AD95 offers an information-centric defense strategy: one program, with a single policy and 14 corresponding standards, that enacts security controls based on the type of information at risk, not by the department or unit requesting support. This simple, overarching model uses information risk categories to determine security controls. An accompanying RACI chart (responsible, accountable, consulted, and informed) aids in the determination of roles and responses, lending further clarity to the process. University Policy AD96 governs the acceptable use of University information resources, information ownership rights, use and access of technology, and information security and integrity protection.
Need help classifying your information in order to apply proper IT security measures? Try this helpful tool.