Ohio Admin. Code 3358:5-11-19 - Information technology security policy

In order to fulfill its mission of instruction and providing value to the community, the college is committed to providing a secure yet open network that protects the integrity and confidentiality of information while maintaining its accessibility.

(A) Information technology (IT) assets are comprised of computing equipment, network infrastructure, operating systems, applications, data, and all technologies that support the information and computing needs of the college.

(B) The college is responsible for the security and integrity of data it acquires about employees, independent contract workers, students, board members, student and employment applicants, and users of its facilities.

(C) IT assets must be protected from various security threats such as theft, vandalism, virus infections, denial of service attacks, and other activities that would breach their confidentiality, compromise their integrity, or prevent their availability.

(D) Appropriate controls must be used to protect physical access to resources, commensurate with the identified level of acceptable risk. These may range in scope with complexity from extensive security installations to protect a room or facility where server are located to simple measures taken to protect a user's display screen.

(D) (E) Appropriate security measures for authentication, authorization, and accounting shall be implemented and maintained to ensure the confidentiality, integrity, and availability of IT assets and the security of information.

(E) (F) While implementing the implementation of security measures is needed to protect the college's IT assets, too much security could limit their usability and cause intolerable inconvenience to the users. The security measures must balance between restrictions and convenience as well as the cost to implement security measures.

(F) (G) The college shall implement measures to make the college compliant with federal, state, and and payment card industry (PCI) local requirements for IT security.

(G) (H) The college shall designate an information security officer (ISO) who is responsible for enforcing the measures necessary compliancy to protect the IT assets of the college and the security of personal information.

(H) (I) Departments shall work with the ISO to make sure ensure that the IT assets in their possession are secured as specified in the IT security procedures.

(I) (J) All college employees, independent contract workers, students, and board members shall be appropriately informed of the college's IT security policy and procedures.

(J) (K) Failure to comply: Violation of any of the Clark state IT security policy and procedures may result in disciplinary or other appropriate action.

(L) User accounts and access to network assets can be revoked at any time.

Notes

Ohio Admin. Code 3358:5-11-19

Effective: 10/23/2015
Promulgated Under: 111.15
Statutory Authority: 3358
Rule Amplifies: 3358
Prior Effective Dates: 5/30/07, 3/18/15