Cal Poly Information Security Program (ISP)
Background
California Polytechnic State University “University” has a highly complex and resource-rich information technology (IT) environment with an increasing reliance to provide critical teaching, research, and public service functions. A robust security foundation is necessary to protect the University’s information and IT assets in the face of growing security threats and establishing effective security practices to protect our computing infrastructure.
There are three pillars of security: Confidentiality, Integrity, and Availability; protecting these pillars requires an understanding of the threats and risks, and addressing them accordingly.
Threat--External and Internal: Attackers continue to take advantage of the rapid pace of change in technology for financial gain. The latest threats aggressively target multiple resources to ensure successful exploitation. Public-facing resources are no longer the greatest risk; instead, every employee and endpoint are potential points of entry into the network. Combinations of vulnerability exploits, spam, phishing, malicious URLs, and social engineering are easier to obfuscate, automate, and deploy than ever before.
Risk--Sensitive Data: The University manages many types of sensitive data including Protected Health Information (PHI), Personally Identifiable Information (PII), credit card data subject to Payment Card Industry security standards, research data, student records, data subject to export compliance, etc. Protecting sensitive data requires a thorough understanding of the nature of the information, where it is located, how it is created, transmitted, shared, stored, deleted, and ultimately its disposition. This program identifies, documents, implements, and manages controls to protect high-value assets and sensitive information throughout their lifecycle.
To read more, visit our Cal Poly Information Security Program (additional login required): Cal Poly Information Security Program (ISP)