Integrated CSU Administrative Manual

CSU POLICY

Section:   INFORMATION SECURITY POLICY

Section 8000 Policies

Policy Number:   8010.0

Policy Title: Establishing an Information Security Program

Policy Effective Date: April 19, 2010

Last Revision Date:  
(see revision history)

POLICY OBJECTIVE

The CSU Information Security policy defines minimum requirements for CSU Information Security Programs.

POLICY STATEMENT

Each campus President and the Assistant Vice Chancellor for Information Technology Services are responsible for the establishment and implementation of an information security program that contains administrative, technical and physical safeguards designed to protect campus information assets. Each campus information security program must implement a risk-based, layered approach that uses preventative, detective, and corrective controls sufficient to provide an acceptable level of information security and must be reviewed at least annually. The campus information security program reviews must be documented.

The campus program must:

  • Document roles and responsibilities for the information security program.
  • Provide for the confidentiality, integrity and availability of information, regardless of the medium in which the information asset is held or transmitted (e.g. paper or electronic).
  • Develop risk management strategies to identify and mitigate threats and vulnerabilities to level 1 and level 2 information assets as defined in the CSU Data Classification Standard.
  • Establish and maintain an information security incident response plan.
  • Maintain ongoing security awareness and training programs.
  • Comply with applicable laws, regulations, and CSU policies.

 

Benjamin F. Quillian
Executive Vice-Chancellor/Chief Financial Officer

Approved: April 19, 2010

APPLICABILITY AND AREAS OF RESPONSIBILITY

 

REVISION HISTORY

 

RESOURCES AND REFERENCE MATERIALS

Useful Guidelines:

 

Related Principles:

 

Sound Business Practices:

 

Laws, State Codes, Regulations and Mandates:

 

COGNIZANT OFFICE(S)

CO Manager:

Mr. William Perry
Chief Information Security Officer
CSU Office of the Chancellor
wperry@calstate.edu


Subject Expert:

Mr. William Perry
Chief Information Security Officer
CSU Office of the Chancellor
wperry@calstate.edu

Affinity Group:

 

Feedback/Questions/Comments