Add to collection(s) Add to saved
  1. Social Science
  2. Political Science

CSUF-President-Directive-13 - California State University, Fullerton

advertisement 
President’s Directive Number 13
Information Security
I.
Directive
Securing information protected by federal and state law as well as California State University (CSU)
policies and procedures, is essential. As such, the University will:
 Comply with all federal and state laws and regulations, as well as CSU policies and procedures,
concerning the collection, use, maintenance, and release of protected information.
 Develop, implement, and monitor administrative, technical, and physical safeguards to mitigate
unauthorized intrusion, malicious misuse, or inadvertent compromise of protected information.
II.
Authority
Several federal and state laws, as well as CSU policies, govern access to information collected,
used, maintained, and released by the University, including but not limited to the:







III.
Family Education Rights and Privacy Act
California’s Information Practices Act
Title V
California’s Public Records Act
Gramm-Leach-Bliley Act
Health Information Portability and Accountability Act
CSU Information Security Policy
Scope
This Directive applies to the collection, use, maintenance, and release of protected information by the
University or, when applicable, by any of its auxiliary or affiliate organizations and the development of
a campus wide information security strategy.
IV.
Definitions, Implementation & Accountability
A.
The University Chief Information Security Officer; CISO; is the campus Chief Information
Technology Officer who has been designated by the President to oversee Information Security
policy and the coordination of information security efforts across the university. Working with
CSUF senior management the CISO coordinates the process to build a university-wide
information security strategy and vision. The CISO is charged with the responsibility for
building an information security-conscious culture and infrastructure for CSUF.
B.
The University Information Security Officer; ISO; is an appropriate administrator designated
by the President and delegated responsibility by the CISO for the security of all protected
information collected, used, maintained, or released by the University as well as leads the
development of a campus wide information security strategy.
The Information Security Officer directly reports to the University’s Chief
Information/Technology Officer and is a member of the Information Technology Leadership
Team. The ISO works in collaboration with other managers in Information Technology and
administrators from other divisions to establish an effective information security program and
support the University mission
The Information Security Officer recommends and develops information security solutions to
provide detection, prevention, containment, and deterrence mechanisms to protect and maintain
the integrity of the campus data infrastructure, systems, applications and physical assets.
C.
Custodians of Records are defined as appropriate administrators in charge of offices or
departments with functional ownership of protected information (e.g., the Director of
Admissions & Records, the Director of Financial Aid, the Director of the Student Health Center,
and the Executive Director of Human Resourcesi). Custodians of Records are responsible for
securing protected information under the control of their respective department or area of
responsibility, including electronic databases, printed reports, and submitted materials.
D.
Technical Security Officers are defined as technical administrators responsible for the security
of protected information maintained by the University (e.g., Chief Information/Technology
Officer, Director of Administrative Computing, Director of Network Computing & Security, and
the Senior Director of Information Technology, BFAii). Technical Security Officers are
responsible for applying appropriate technical safeguards to protect information collected and
maintained by the University.
E.
Appropriate Administrators are supervisors or managers included in the Management
Personnel Plan. Appropriate administrators are responsible for applying federal and state laws
and CSU and policies and procedures regarding protected information, and for granting,
monitoring, and managing access to protected information by employees or contractors reporting
to them.
F.
All individuals working with protected information are responsible for collecting, using,
maintaining, and releasing it in accordance with federal and state laws or regulations, as well as
CSU policies and procedures.
G.
Protected Information includes information identifying or describing an individual. Different
language is used in various federal and state regulations and CSU policies to describe protected
information. Protected information may include:
Social security number
Home address
Home telephone number
Performance evaluations
individual
Ethnicity
Gender
Employment history
Physical description
Financial matters
Medical information
Education (e.g., grades)
Statements made by, or attributed to, the
Failure to comply with applicable federal and state laws and regulations may result in fines, penalties, exclusion
from government funded programs, litigation, adverse publicity, and an array of other impacts that could
impede the mission of the University.
Contact Person:
Chief Information Technology Officer/Chief Security Officer:CISO@fullerton.edu
Interim Information Security Officer:ISO@fullerton.edu
Reviewed and Approved By President Gordon Approved: March 12, 2004
Revised and Reissued: August, 2008
i
ii
Complete list included in information security procedures document.
Complete list included in information security procedures document.
Related documents
The Hunger Games at Colorado State University
The Hunger Games at Colorado State University
TRANSFER ADMISSION REQUIREMENTS
TRANSFER ADMISSION REQUIREMENTS
Imagine Undoubtedly to the point of overkill for many, we are
Imagine Undoubtedly to the point of overkill for many, we are
CSU%20Sustainability%20Survey_Harmon_9
CSU%20Sustainability%20Survey_Harmon_9
Information Security Program Implementation
Information Security Program Implementation
CSUStand
CSUStand
Top Issues of CISOs
Top Issues of CISOs
CMP CSU GAP Ledger Comparison - The California State University
CMP CSU GAP Ledger Comparison - The California State University
the doctorate of nursing practice - California State University, Los
the doctorate of nursing practice - California State University, Los
International Student Fall Orientation Tuesday, August 16, 2011
International Student Fall Orientation Tuesday, August 16, 2011
CSU Fullerton - The California State University
CSU Fullerton - The California State University
The Academic Senate Minutes - California State University
The Academic Senate Minutes - California State University
Human Behavior and Security Culture
Human Behavior and Security Culture
NEOMED open for business Moondog, say hello to
NEOMED open for business Moondog, say hello to
Printed Version - Extended and Continuing Education
Printed Version - Extended and Continuing Education
Cleveland State University Student Services Study
Cleveland State University Student Services Study
facilities use policies - Cleveland State University
facilities use policies - Cleveland State University
California State University Disbursements, Deposits, Accounts
California State University Disbursements, Deposits, Accounts
Systemwide Accounting - The California State University
Systemwide Accounting - The California State University
Checklist 1: Plan for physical needs and notify start date
Checklist 1: Plan for physical needs and notify start date
Diversity Action Plan A Roadmap for Inclusive Excellence
Diversity Action Plan A Roadmap for Inclusive Excellence
Event Management Guidelines
Event Management Guidelines
Download
advertisement