Procedures 5.23.2 and 5.23.3 Review Extended: Sept 19, 2016

SENT ON BEHALF OF Ramon Padilla Jr.

Greetings,

Due to the importance of these procedures, we are extending the deadline for review to September 19, 2016.   Please note, that these procedures, particularly 5.23.2 and 5.23.2.1 are especially pertinent to senior campus administrators.  The diagrams and FAQ included in this data classification package are particularly helpful starting points when reviewing these procedures and guidelines.

Policy 5.23.3 addresses Information Security Requirements & Controls and assigns responsibilities for information security requirements.  Due to the technical nature of 5.23.31 technical staff are providing feedback on this guideline.

The attached information security data classification package is a foundational piece of our information security policy and procedure set.  Almost everything about information security revolves around data; who “owns” it, the rules and regulations that apply to it, who cares for it, and what kind of controls need to be put in place to ensure its safekeeping.  These procedures and guidelines do exactly that – they explicitly define the parameters around data and how we must care for it.  Additionally, they also give us our first foundational pieces of data governance.

Review and comments regarding the procedures and guidelines are welcome and necessary .  As noted above the information security controls guideline is VERY technical.  I am happy to report that there is “an app for that” already developed and the guideline was created to show the thought process that drives the app. I am happy to say that for any system that needs controls to be evaluated, it is only a 7 question process in the app to get the resulting controls.

Procedure and Guideline needing Review:

5.23.2                    Data Security Classification Procedure

5.23.2.1                Data Security Classification Guideline

5.23.3.                   Information Security Requirements & Controls Procedure

5.23.3.1                Information Security Controls Guideline

Comments can be left on the SharePoint site: https://connect.mnscu.edu/sites/findivpolproc/SitePages/View%20All.aspx.

 If you are unable to access the site or have problems submitting comments in that manner, please contact Michael.Nordby@so.mnscu.edu

Ramon Padilla Jr.

Vice Chancellor and Chief Information Officer

Christine Benner, Assistant | Christine.Benner@so.mnscu.edu | 651-201-1462 |

 

Leave a Reply

Up ↑

%d bloggers like this: