Information Security Plan

Introduction

Purpose

The California State University Channel Islands (CI) Information Security Plan establishes the framework for the protection of university assets and information resources from accidental or intentional unauthorized access or damage, while also preserving the open information sharing requirements of its academic culture. This plan lays the foundation for a common understanding of information security at CI based on the generally accepted principles of confidentiality, availability and integrity. Confidentiality limits information access to authorized users, integrity protects information against unauthorized modification, and availability ensures that information is accessible when needed. Together these three principles ensure that university information can be used in support of the pursuit of the university’s goals of teaching, research, and service.

Additionally, the plan provides for the integrity of institutional processes and records and supports the university’s compliance with state and federal laws, rules and regulations. CI's Information Security Plan outlines a University Information Security Program and a University Information Security Task Force.

California State University Channel Islands is required by the Integrated California State University Administrative Manual to create an information security plan. Each major section listed here references and implements a particular section, or sections, of the Integrated California State University Administrative Manual (ICSUAM) Policy on Information Security, Section 8000.

This page describes CI's Information Security Plan. Whenever possible, links or references to supporting documentation, including T&I Business Practices, are provided for further information on the University's information security efforts.

Conventions

For the purposes of this page:

  • "Shall" and "must" are used in the imperative sense,
  • "May" is used in the permissive sense, and
  • The use of the masculine gender implies feminine, and vice versa. 

Information Security Plan Sections

  1. Information Security Organization
  2. Information Security Risk Management
  3. Privacy of Personal Information
  4. Personnel Information Security
  5. Information Security Awareness
  6. Third Party Management
  7. Information Technology Security
  8. Configuration Management and Change Control
  9. Access Control
  10. Information Asset Management
  11. Information Systems Lifecycle
  12. Security Incident Response
  13. Physical Security
  14. Business Continuity and Disaster Recovery
  15. Compliance, Execution and Enforcement