Overview
ISC's Office of Information Security establishes policies that comply with the University, state and federal regulations. These policies address the requirement to protect information from disclosure, unauthorized access, loss/corruption of electronic and physical data. Along with well-documented best practices and procedures, the policies enable an organization to manage business risk through defined controls which provide a benchmark for audit and corrective action. Notable policies and best practices include:
- Computing Policies and Guidelines
- Information Security Best Practices
- Computer Security Policy
- Policy on Acceptable Use of Electronic Resources
- Policy on Unauthorized Copying of Copyrighted Media
- Policy on Computer Disconnection from PennNet
- Policy on Requirements for Authenticated Access to PennNet
- Information Systems Security Incident Response Policy
Procedures
Guidelines
- Security Logging Guidelines
- Penn Data Risk Classification
- Use of Penn+Box and Amazon Web Services
- Computer Security Incident Handling