Search form

Search ISC ...

Information Security Policies & Procedures

Overview

ISC's Office of Information Security establishes policies that comply with the University, state and federal regulations. These policies address the requirement to protect information from disclosure, unauthorized access, loss/corruption of electronic and physical data. Along with well-documented best practices and procedures, the policies enable an organization to manage business risk through defined controls which provide a benchmark for audit and corrective action. Notable policies and best practices include:

Computing Policies and Guidelines
Information Security Best Practices
Computer Security Policy
Policy on Acceptable Use of Electronic Resources
Policy on Unauthorized Copying of Copyrighted Media
Policy on Computer Disconnection from PennNet
Policy on Requirements for Authenticated Access to PennNet
Information Systems Security Incident Response Policy

Procedures

Response to a Compromised Computer with Sensitive Data
PGP Key Signing Procedure

Guidelines

Security Logging Guidelines
Penn Data Risk Classification
Use of Penn+Box and Amazon Web Services
Computer Security Incident Handling

Forms

Employee Exit IT Checklist

Share:

Print

InfoSec Home

Resources

Digital Millennium Copyright Act
NIST (800-53) Security and Privacy Controls for Information Systems and Organizations
NIST (800-171) Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations
Security Liaisons

Contact InfoSec

Computing Policies
Tech Jobs @ Penn

System Status