Security Standards

Information Security Program

Established to meet the requirements of policy # 5250: Information Security, and guided by policies and standards from the state Office of the Chief Information Officer (OCIO), an information security program has been established at Bellevue College.  It is documented and maintained through individual college policies, procedures and security standards which address expected information security practices.  The program is administered by the vice-president of Information Technology Services (ITS) and his designees.

This information security program is undergoing an extensive revision during 2017, in which all policies, procedures, standards and processes are being examined and updated.  The numbering system is new, as well.

Approved information security policies and procedures are posted on the college policies website.  This page contains links to all updated information security standards .  If a standard listed below does not have a link, the update to the standard is still in progress.

If  you have concerns, suggestions or questions about the standards linked below as they are posted, please send an e-mail to the IT Compliance Manager.

Standards will be posted here once approved;  documents listed without a link are listed here for reference only, pending approval.  This list is subject to change as updates are approved.


Operational Standards

These are established processes and expectations likely to be applicable to or of interest to general campus users.

Final versions are dated;  draft versions going through the approval process are noted as “draft,” and are subject to extensive modification before final approval.

Titles struck through are pending deletion once an alternate document is fully approved.  This change from being a stand-alone standard is usually because of an update in status to procedure or policy, or because it was merged into another document.

  • 110 – Risk Assessment and Management
  • 210 – Security Program and Strategy (7-15-14)
  • 220 – Information Security Definitions (Draft)
  • 310 – IT Support Personnel
  • 320 – Information Security Manager
  • 420 – Employee Security Training
  • 505 – Equipment Inventory
  • 510- Electronic Media Disposal
  • 520 – Use of College Resources off-Campus
  • 605 – Web Space Usage
  • 615 – Web Information Accessibility
  • 620 – User Management
  • 625 – Security Privileges
  • 635 – Connecting Non-College Equipment
  • 640 – Portable Data Storage Devices
  • 655 – Mobile Computing Devices
  • 660 – Authentication Management
  • 670 – Administrative System Access
  • 680 – Social Engineering
  • 810 – Physical Security
  • 910 – Data Backup
  • 920 – Change Management
  • 930 – Software Management
  • 935 – Restricted Services and Applications
  • 940 – Distribution List Usage (12-4-14)
  • 1005 – Network Data Storage
  • 1060 – Video and Television Services
  • 1070 – Patch Management
  • 1095 – Remote Computer Servicing
  • 1110 – Technology Purchasing and Logistics
  • 1230 – Technology Partnerships
  • 1310 – Investigations (11-13-17)
  • 1420 – Data Recovery
  • 1430 – Disaster Recovery (11-13-17)
  • 1530 – Payment Card Security
Technical Standards

These are more technical in nature, and of interest primarily to IT support personnel.

  • 120-T – Security Assessment (Technical)
  • 630-T – Data Management (Technical)
  • 650-T – Login Banner (Technical)
  • 655-T – Mobile Device Management (Technical)
  • 710-T – Encryption Tools and Protocols (Technical)
  • 915-T – System Logging and Audit (Technical)
  • 950-T – Virus and Malware Protection (Technical)
  • 1005-T – Network Time Protocol Configuration (Technical)
  • 1010-T – Network Printer Configuration (Technical)
  • 1015-T – Network Device Configuration and Management (Technical)
  • 1020-T – Network Server Configuration (Technical)
  • 1025-T – Computing System Configuration (Technical)
  • 1030-T – Electronic Mail Configuration (Technical)
  • 1035-T – Phone System Configuration (Technical)
  • 1040-T – Wireless Network Management (Technical)
  • 1045-T – Web Servers (Technical)
  • 1050-T – Remote Network Access Configuration (Technical)
  • 1055-T – SSH Configuration (Technical)
  • 1065-T – Firewall Change Management (Technical)
  • 1075-T – byRequest Configuration (Technical)
  • 1080-T – DNS Configuration (Technical)
  • 1120-T – Application Development (Technical)
  • 1300-T – Intrusion Detection and Incident Response (Technical)
  • 1510-T – Payment Card Network Configuration (Technical)

Old security standards still in place may be accessed at: https://commons.bellevuecollege.edu/itsecurity/old-standards/

Leave a Reply

Skip to toolbar