SENT ON BEHALF OF Ramon Padilla Jr.
In April as part of the five year cycle pursuant to Board Policy 1A.1 Minnesota State Colleges and Universities and Administration, Part 6, Subpart H, periodic review,
5.22 Acceptable use of computers and information technology resources passed through the review process and is now awaiting Board of Trustee approval. This policy will be on the October and November board agendas.
The remaining procedures and guidelines are being sent out for comment and should be viewed as a package called information security data classification. A diagram is attached to help you navigate through the related procedures and guidelines. This information security data classification package is a foundational piece of our information security policy and procedure set. Almost everything about information security revolves around data; who “owns” it, the rules and regulations that apply to it, who cares for it, and what kind of controls need to be put in place to ensure its safekeeping. These procedures and guidelines do exactly that – they explicitly define the parameters around data and how we must care for it. Additionally, they also give us our first foundational pieces of data governance.
Comments regarding the procedures and guidelines are welcome. Please note that the information security controls guideline is VERY technical. I am happy to report that there is “an app for that” already developed and the guideline was created to show the thought process that drives the app. I am happy to say that for any system that needs controls to be evaluated, it is only a 7 question process in the app to get the resulting controls.
Procedure and Guideline needing Review:
5.23.2 Data Security Classification Procedure
22.214.171.124 Data Security Classification Guideline
5.23.3. Information Security Requirements & Controls Procedure
126.96.36.199 Information Security Controls Guideline
Comments can be left on the SharePoint site.
Link to document: System Procedure 5.23.2 and 5.23.3
COMMENT CLOSING DATE: August 19, 2016 end of business day.
If you are unable to access the site or have problems submitting comments in that manner, please contact Michael.Nordby@so.mnscu.edu.
Ramon Padilla Jr.
Vice Chancellor and Chief Information Officer
Minnesota State Colleges & Universities
30 7th Street East, Suite 350
St. Paul, MN 55101
Christine Benner, Assistant | Christine.Benner@so.mnscu.edu | 651-201-1462 |