Report an accessibility problem

Ira A. Fulton Schools of Engineering | Engineering Technical Services

Select Page

Security Policy and Governance

Information Security Office (Policies)

The ASU Information Security Policy establishes the framework for the protection of university assets and information resources from accidental or intentional unauthorized access or damage, while also preserving the open information sharing requirements of its academic culture. It describes how information should be accessed, how resources are permitted to be used, how permissions are delegated, and much more.

https://getprotected.asu.edu/governance

Internal Computing Controls

Encryption

ASU policy mandates that all data on its network be encrypted both in transit, and at rest. This ensures that even if a device gets physically stolen, the information on it is inaccessible to the attacker. The Information Security office is available to assist with implementing and reviewing to ensure this requirement is being met.

https://getprotected.asu.edu/content/device-data-encryption

Antivirus

Antivirus programs protect ASU by preventing malicious programs from invading the network and causing damage or theft of information. ASU recommended antivirus products can be found below.

https://getprotected.asu.edu/software/antivirus

Patch Management

Is the process of keeping all the software on all systems on the network up to date. ASU policy mandates that every personal device, device that connects to the network, operates on behalf of ASU, or utilizes ASU services (including ASU owned entities), must be patched with vendor provided security patches.

https://drive.google.com/file/d/0B7bqVGx3GJQbNUZmWVNPUlpLUjQ/view

Central Management

Helps keep the network secure, by managing the entire thing from a central few servers and administrators. This makes it easy to obtain the status of the entire network, so that in the event of an attack, swift action may be taken against it. At ASU, this is done by the Information Security Office.

https://getprotected.asu.edu/

Exception Process

In some circumstances, especially specific to research computing, higher-end systems might be required. The school’s information technology team will work with researchers to provide recommendations for high-end systems that might require increased CPU speed, additional memory, additional storage, and GPU compute capabilities.

More details specific to the Fulton Schools process can be found on the FSE Computer Standards page.

 

Technology Control Plans

ASU Has a thorough, and detailed action plan to control and maintain security integrity for devices on its network that includes

  • Running routine scans on systems
  • Documenting the purpose of each device on the network
  • Identifying and Responding to security risks
  • and more

The full documentation can be found at the link below

https://drive.google.com/file/d/1J66vE8lD5c3Kt-okU_04Y7FkTRgTh3vx/view

Privacy (GDPR)

The General Data Protection Regulation (GDPR) is a privacy law implemented and enforced by all countries in the European union (and Switzerland). The primary goal of this law is to give people the right to control their personal data and how it’s used. Full ASU GDPR documentation may be found at the link below.

https://getprotected.asu.edu/GDPR

Data Handling Matrix

The Data Handling Matrix provides a central location for all of the private information that ASU stores to be managed. Each row represents a store of information, and each column represents a standard that it must be upheld to.This helps keep everything organized, so that it may be upheld to regulatory standards.

https://getprotected.asu.edu/aistsummaryindex

Data Handling Standards – Information Classification

ASU handles data on a 4 level standard:

  1. Public
  2. Internal
  3. Sensitive
  4. Highly Sensitive

Depending on which level of sensitivity the data is on, different sets of actions will be taken to ensure that the information gets allocated the appropriate level of security. The specifics on how each level of information is protected is described at length in the document below.

https://docs.google.com/file/d/0B7bqVGx3GJQbM2JwMFlkdl91clk/edit