APS #6005

Active

IT Security Program

Brief Description

The IT Security Program serves as the core for the university's IT security and risk activities and provides requirements to users and administrators of IT resources via the noted security and risk standards.  These standards help ensure information is secured appropriately, the university information and IT resources are available, and document the best practices and control activities that help mitigate the university technology risks.  This Administrative Policy Statement encompasses all IT Security-related requirements as outlined in the noted security standards.

Reason for Policy

Defines roles, responsibilities and requirements for the users and administrators of IT resources to mitigate risk involving the confidentiality, integrity and availability of university data and IT systems.

NOTE:  The following sections of APS 6005 will remain in effect until they have completed transition to other APS documents and associated standards (expected in early 2024): 

Those sections include:

     Section 1: IT Resource User Responsibilities
     Section 2: IT Security in Personnel Job Descriptions, Responsibilities and Training
     Section 3: IT Security in University Operations, Business Continuity Planning, and Contracting
     Section 4: IT Service Provider Security

Once that work is complete (expected in early 2024), the above sections will be removed from this policy and the related documents for APS 6005 will include the following - once they are created or reviewed and revised:

Related documents Effective Date
(TBD if blank)
Compliance Date
(TBD if blank)
APS 6001 – Providing and Using Information Technology (Active, revision planned)    
IT Security Controls Standard (updated to 800-171) 10/01/2023 10/01/2024
IT Security Responsibilities (new)    
Campus Acceptable Use Policies (links)    
APS 6002 - Electronic Communications (Active, revision planned)    
APS 6010 - Data Governance (Active, revised) 07/01/2024  
Data Classification    

I. Introduction

II. Policy Statement

III. Related Policies, Procedures, Forms, Guidelines and Other Resources

IV. History