Information Security Policy – Peru State College Computer Services

Information Security Program (ISP)

The Board recognizes the importance of information security. The following shall constitute Board policy concerning information security.

Each College and the System Office will have an Information Security Program (ISP) which ensures availability, confidentiality and integrity of NSCS Technology Resources. Collectively, these programs will constitute the Information Security Program (ISP) for the NSCS, and this NSCS ISP shall satisfy the Gramm-Leach-Bliley Act (GLBA) requirements for non-public financial data.

The ISP will comply and align with other NSCS policies and shall be based on the Information Security Standards identified in this Policy.

Each President shall designate an individual responsible for each College ISP. The Vice Chancellor for Facilities and Information Technology shall be the individual responsible for the System Office ISP and shall serve as the System Office Information Security Officer (SOISO).

The SOISO shall coordinate with each President’s designee to review the NSCS ISP no less frequently than annually, and to update as necessary.

To protect all Technology Resources of the NSCS, this Policy and NSCS ISP applies to all faculty, staff, students, visitors, vendors and contractors, and to all systems that access, store or transmit NSCS data.

In all Standards, the principles of least privilege, least functionality, and defense in depth, shall be applied.

Information Security Program Standards

Each College and the System Office shall implement and apply the following NSCS ISP Standards:

Standard 1: Definitions and Related Law, Policy and References

Standard 2: Responsibilities, Enforcement and Exceptions

Standard 3: Security Training and Awareness

Standard 4: Information Protection

Standard 5: Acceptable Use Policy

Standard 6: Computer and Network Security

Standard 7: Configuration and Change Management

Standard 8: Email

Standard 9: Physical Security