Information Security - Policies and Standards

This table links to specific sections of CSU and SSU security policies and standards. 

Policies and Standards
Systemwide Policies Systemwide Standards SSU Standards

CSU Information Security Policy and Scope

  

Introduction, Scope, and Goals
Roles and Responsibilities   Roles and Responsibilities Standard
ISO Domain 5: Information Security Policy    
ISO Domain 6: Organization of Information Security Policy

ISO Domain 6: Organization of Information Security Standard

Risk Management Strategies

Formal Risk Assessment Process

Informal Risk Assessment Process

  
ISO Domain 7: Human Resource Security Policy

ISO Domain 7: Human Resource Security Standard

Employment Separations and Position Change

Information Security Training and Awareness Activities

Personnel Security Standard

Information Security Awareness Training Standard
ISO Domain 8: Asset Management Policy

ISO Domain 8: Asset Management Standard

Data Classification

Cloud Storage and Services

Data Inventory Procedure

Cloud Procurement Standard

Information Asset Management
ISO Domain 9: Access Control Policy ISO Domain 9: Access Control Standard Access Control Standard
ISO Domain 10: Cryptography Policy ISO Domain 10: Cryptography Standard  
ISO Domain 11: Physical and Environmental Security Policy ISO Domain 11: Physical and Environmental Security Standard Physical Security Standard
ISO Domain 12: Operations Security Policy ISO Domain 12: Operations Security Standard

Vulnerability Management Standard

Monitoring Standard

Configuration Management Standard

Change Control Standard
ISO Domain 13: Communications Security Policy ISO Domain 13: Communications Security Standard  
ISO Domain 14: Systems Acquisition, Development and Maintenance Policy ISO Domain 14: Systems Acquisition Standard  
ISO Domain 15: Supplier Relationships Policy ISO Domain 15: Supplier Relationships Standard  
ISO Domain 16: Information Security Incident Management Policy ISO Domain 16: Incident Management Standard Incident Response Standard
ISO Domain 17: Information Security Aspects of Business Continuity Management Policy ISO Domain 17: Business Continuity Management Standard  
ISO Domain 18: Compliance Policy

ISO Domain 18: Compliance Standard

Standards Enforcement

Exceptions

Compliance Standard

Enforcement Standard
Definitions    
Privacy of Personal Information    

Debit/Credit Card Payment Policy

    

Responsible Use Policy

CALREN Acceptable Use Policy

    
    Personal Confidential Information
    Computer and Network Usage