Information Security Program
Established to meet the requirements of policy # 5250: Information Security, and guided by policies and standards from the state Office of the Chief Information Officer (OCIO), an information security program has been established at Bellevue College. It is documented and maintained through individual college policies, procedures and security standards which address expected information security practices. The program is administered by the vice-president of Information Technology Services (ITS) and his designees.
This information security program is undergoing an extensive revision during 2017, in which all policies, procedures, standards and processes are being examined and updated. The numbering system is new, as well.
Approved information security policies and procedures are posted on the college policies website. This page contains links to all updated information security standards . If a standard listed below does not have a link, the update to the standard is still in progress.
If you have concerns, suggestions or questions about the standards linked below as they are posted, please send an e-mail to the IT Compliance Manager.
Standards will be posted here once approved; documents listed without a link are listed here for reference only, pending approval. This list is subject to change as updates are approved.
These are established processes and expectations likely to be applicable to or of interest to general campus users.
Final versions are dated; draft versions going through the approval process are noted as “draft,” and are subject to extensive modification before final approval.
Titles struck through are pending deletion once an alternate document is fully approved. This change from being a stand-alone standard is usually because of an update in status to procedure or policy, or because it was merged into another document.
110 – Risk Assessment and Management
- 210 – Security Program and Strategy (7-15-14)
- 220 – Information Security Definitions
- 310 – IT Support Personnel
- 320 – Information Security Manager
420 – Employee Security Training 505 – Equipment Inventory 510- Electronic Media Disposal 520 – Use of College Resources off-Campus 605 – Web Space Usage 615 – Web Information Accessibility 620 – User Management 625 – Security Privileges 635 – Connecting Non-College Equipment 640 – Portable Data Storage Devices 655 – Mobile Computing Devices 660 – Authentication Management 670 – Administrative System Access 680 – Social Engineering 810 – Physical Security 910 – Data Backup 920 – Change Management 930 – Software Management 935 – Restricted Services and Applications
- 940 – Distribution List Usage (12-4-14)
1005 – Network Data Storage
- 1060 – Video and Television Services
1070 – Patch Management
- 1095 – Remote Computer Servicing
1110 – Technology Purchasing and Logistics 1230 – Technology Partnerships
- 1310 – Investigations
1420 – Data Recovery
- 1430 – Disaster Recovery and Business Resumption (draft)
1530 – Payment Card Security
These are more technical in nature, and of interest primarily to IT support personnel.
- 120-T – Security Assessment (Technical)
- 630-T – Data Management (Technical)
- 650-T – Login Banner (Technical)
- 655-T – Mobile Device Management (Technical)
- 710-T – Encryption Tools and Protocols (Technical)
- 915-T – System Logging and Audit (Technical)
- 950-T – Virus and Malware Protection (Technical)
- 1005-T – Network Time Protocol Configuration (Technical)
- 1010-T – Network Printer Configuration (Technical)
- 1015-T – Network Device Configuration and Management (Technical)
- 1020-T – Network Server Configuration (Technical)
- 1025-T – Computing System Configuration (Technical)
- 1030-T – Electronic Mail Configuration (Technical)
- 1035-T – Phone System Configuration (Technical)
- 1040-T – Wireless Network Management (Technical)
- 1045-T – Web Servers (Technical)
- 1050-T – Remote Network Access Configuration (Technical)
- 1055-T – SSH Configuration (Technical)
- 1065-T – Firewall Change Management (Technical)
- 1075-T – byRequest Configuration (Technical)
- 1080-T – DNS Configuration (Technical)
- 1120-T – Application Development (Technical)
- 1300-T – Intrusion Detection and Incident Response (Technical)
- 1510-T – Payment Card Network Configuration (Technical)
Old security standards still in place may be accessed at: http://commons.bellevuecollege.edu/itsecurity/old-standards/