
Information Security Policies & Standards
The campus information security program is composed of a collection of policies, guidelines and standards.
CSU-wide Responsible Use Policy
The majority of the policies are directly derived from the CSU-Wide Information Security Policy being incorporated into the new version of the State University Administration Manual. The guidelines and standards represent the campus implementation of these policies. In addition, there are internal IITS practices (ITDs) which describe operational aspects of information security management on campus. Due to the sensitive nature of these documents, they are not made available to the public. For more information on the internal campus standards, please contact the Information Security Office at infosec@csusm.edu.
CSU Standard
- CSU Information Security Policy and Standards
- Information Security Privacy of Personal Information
- Information Security Responsible Use Policy
- Sensitive Data Security and Protection Reports
- Systemwide Records Information Retention and Disposition Schedules Implementation Policy
Campus Policy Implementation
- Establishing an Information Security Program
- Information Security Risk Management
- Information Security Awareness and Training
- Access Control
- Information Asset Management
- Information Security Incident Management
- Policy Enforcement
- Responsible Use Policy
Section | CSU Policy Topic | CSU Standard | Campus Policy Implementation |
---|---|---|---|
8000.0 | Introduction and Scope | ||
8005.0 | Policy Management | ||
8010.0 | Establishing an Information Security Program | ![]() ||
8015.0 | Organizing Information Security | ![]() ||
8020.0 | Information Security Risk Management | ![]() ||
8025.0 | Privacy of Personal Information | ||
8030.0 | Personnel Information Security | ![]() ||
8035.0 | Information Security Awareness and Training | ![]() | ![]() |
8040.0 | Managing Third Parties | ![]() ||
8045.0 | Information Technology Security | ![]() ||
8050.0 | Configuration Management | ||
8055.0 | Change Control | ![]() ||
8060.0 | Access Control | ![]() | ![]() |
8065.0 | Information Asset Management | ![]() | ![]() |
8070.0 | Information Systems Acquisition, Development and Maintenance | ![]() ||
8075.0 | Information Security Incident Management | ![]() | ![]() |
8080.0 | Physical Security | ![]() ||
8085.0 | Business Continuity and Disaster Recovery | ||
8090.0 | Compliance | ||
8095.0 | Policy Enforcement | ![]() ||
8100.0 | Electronic and Digital Signatures | ![]() ||
8105.0 | Responsible Use Policy | ![]() |