In today’s constantly-evolving technology landscape, cyber threats have more impact than ever. Penn State has been targeted by foreign intelligence agencies and cyber criminals with similar capabilities. In response, the Office of Information Security has developed sound strategies to manage this ongoing risk with minimal impact on teaching, research, and service.
University Policy AD95 offers an information-centric defense strategy: one program, with a single policy and 14 corresponding standards, that enacts security controls based on the type of information at risk, not by the department or unit requesting support. This simple, overarching model uses information risk categories to determine security controls. An accompanying RACI chart (responsible, accountable, consulted, and informed) aids in the determination of roles and responses, lending further clarity to the process. University Policy AD96 governs the acceptable use of University information resources, information ownership rights, use and access of technology, and information security and integrity protection.
Need help classifying your information in order to apply proper IT security measures? Try this helpful tool.
These are policies related to the use of computers owned by Penn State and computers connected to any Penn State network. Please read, understand, and adhere to these policies.
Note: If you are viewing this site from a non-Penn State network, these linked pages may not be available to you.
Last updated: October 31, 2017
- Access, Authentication, and Authorization Management
- Disaster Recovery Planning for Information Systems and Services
- Electronic Data Disposal and Media Sanitizations
- Information Assurance and IT Security Awareness, Training, and Education
- Information Security Risk Management
- Network Security
- Physical Security
- Requests for Exception to Information Security Policy
- Secure Coding and Application Security
- Security of Enterprise Application Integration
- Security Log Collection, Analysis, and Retention
- Third Party Vendor Security and Compliance
- Vulnerability Management
Need to request a Security Policy Exception? Please click here to learn more.