Information Security Standards Forums

Forum Participants

 

Clark Hall 118 & Webex Enabled Telepresence
Tuesdays & Thursdays
between
September 17 - October 20, 2015
10:00-11:00am

In accordance with the San Jose State University Information Security Program and CSU Information Security Audit Report 15-16, the Information Security Office is finalizing twenty new Standards for SJSU.  These standards will play an important role protecting SJSU's information assets and will help ensure an adequate level of security is attained, resources are used efficiently and the best security practices are adopted.

The Information Security Standard Forums will be an opportunity to learn about the standards, ask questions and provide feedback.  At each meeting a short (20 minute) presentation will be given in regard to 2 standards followed by group discussion.  These standards will impact all University systems including Auxiliaries.

 Please review the Draft Information Security Standards and bring your questions and comments!

Agenda

Date

Standard

Brief Description

Thursday, September 17, 2015

Join Using WebEx

Access Control

Security protection controls that will help minimize the loss of confidentiality, integrity, and availability of SJSU's business information, as it is stored, processed, and transmitted. 

Password Standard

Defines the password requirements surrounding the management of access to information on SJSU's computer and communication systems. Password Assurance Level Calculator.

Tuesday, September 22, 2015

Join Using WebEx

Information Security Awareness Training

Training of any individuals who handle sensitive information for the campus.

Information Classification and Handling

Requirements for assigning, maintaining classification settings, and handling sensitive information for all SJSU's computer and communication system information.

Friday, September 25, 2015

Join Using WebEx

Network Security

The controls and process for access to the campus network, placement of assets on the campus network, transport of data across the network, network authorization and authentication, and management of the network against security threats.

802.11 Airwave Standard

The roles, processes, requirements, and restrictions surrounding 802.11 wireless “Wi-Fi” networks.

Tuesday, September 29, 2015

Join Using WebEx

Data Center Security

Security controls of machines hosted in SJSU data centers.

Asset Control

Requirements for controlling and ensuring all SJSU computing hardware, software, and confidential assets are identified, assigned a Steward, and classified.

Thursday, October 1, 2015

Join Using WebEx

Patching and Malicious Code Management

Requirements for applying patching and malicious code execution security controls for machines under the control of SJSU. 

Vulnerability Management and Assessment

Required to implement appropriate controls to monitor and scan network resources and information systems to identify and remediate vulnerabilities on networked computers.

Tuesday, October 6, 2015

Join Using WebEx

Personnel Information Security

All SJSU personnel understand their responsibilities regarding information security and that individuals seeking employment within SJSU meet the information security criteria for the desired position

Physical Security

Measures that are designed to prevent access to unauthorized personnel from physically accessing, damaging, and interrupting a building, facility, resource, or stored information assets.

Thursday, October 8, 2015

Join Using WebEx

Information Security Incident Management

Requirements for managing information security incidents for all SJSU computer and communication system information.

Electronic Data Disposition Standard

Data must be properly cared for during its entire lifecycle on campus, and properly disposed of prior to leaving campus. 

Tuesday, October 13, 2015

Join Using WebEx

Event Monitoring

Requirements for Information Security event monitoring within SJSU computing resources to ensure that information security policies, procedures and controls are being followed and are effective in securing information resources.

Risk Assessment Program

Requirements for the identification and classification of the appropriate security controls for all campus sensitive information resources, risk exposure areas, and applying appropriate mitigations in order to manage the risks across all campus information assets.

Thursday, October 15, 2015

Join Using WebEx

Email and Campus Communication

Requirements for how SJSU’s email and other forms of electronic communication should be used for employees and students. 

Email Retention

Requirements for retention of SJSU email, including the deletion and archiving of electronic mail.

Tuesday, October 20, 2015

Join Using WebEx

Web Application Development

Requirements and guidelines for protecting web applications as they are developed for all San Jose State University (SJSU) computer and communication system information

Application Service Provider Security Requirements

Requirements for application service providers for all SJSU computer and communication system information.