SECTION 1 – INTRODUCTION
PURPOSE
The purpose of this standard is to define the minimum requirements for information security and risk management activities for all of the University of Mary Washington.
SCOPE
The scope of this standard covers all information technology used by the University of Mary Washington.
SECTION 2 – STANDARD
UMW has adopted the Commonwealth of Virginia (CoVA) IT Resource Management (ITRM) Information Security Standard SEC 501-07.1 as its standard for information security. This standard establishes a baseline for information security and risk management activities for the University. These activities include, but are not limited to, any regulatory requirements the University is subject to, information security best practices, and the requirements defined in this standard. These information security and risk management activities will protect agency information systems and data and mitigate risks to them.
The Information Security Standard defines the following categories of administrative, technical and physical information security controls:
- Access Control
- Awareness and Training
- Audit and Accountability
- Security Assessment and Authorization
- Configuration Management
- Contingency Planning
- Identification and Authorization
- Incident Response
- Maintenance
- Media Protection
- Physical and Environmental Protection
- Planning
- Personnel Security
- Risk Assessment
- System and Services Acquisition
- System and Communications Protection
- System and Information Integrity
Component areas of the University’s Information Security Program provide the organizational framework for this standard. UMW will establish, document, implement, and maintain its information security program appropriate to its business and technology environment in compliance with this standard. In addition, because resources that can reasonably be committed to protecting IT systems are limited, the University will implement its information security program in a manner commensurate with sensitivity and risk.
SECTION 3 – REFERENCE AND SUPPORTING INFORMATION
REFERENCES
UMW uses the CoVA ITRM Information Security Standard SEC 501-7.1 as its standard for Information Security. The standard can be found at:
SUPPORTING INFORMATION
N/A
SECTION 4 – GOVERNANCE
RESPONSIBILITY
Responsible manager(s) | IT Security Office |
Procedure administrator | IT Security Office |
Approving body | Office of the CIO |
SECTION 5 – STANDARDS REVIEW AND MAINTENANCE
This standard is reviewed annually by 1 July of each succeeding year. The Director of ISO or assigned designee will review the standards for accuracy and relevancy and make any necessary revisions or adjustments.
Document footers will be updated to include the date of the most recent revision.
The Change History matrix will be updated accordingly.
Any exceptions or changes to this process will be approved by the CIO.
CHANGE HISTORY
Approved V1.0 September 24, 2013 by Acting CIO
Updated per published standards v1.1 May 25, 2016
Aligned with IT template v1.2 May 31, 2016