
Information Security - Policies and Standards

This table links to specific sections of CSU and SSU security policies and standards. 

Policies and Standards
Systemwide Policies | Systemwide Standards | SSU Standards
CSU Information Security Policy and Scope | | Introduction, Scope, and Goals (Sections 1 to 3)
Roles and Responsibilities | | Roles and Responsibilities Standard (Section 7)
ISO Domain 5: Information Security Policy  
ISO Domain 6: Organization of Information Security Policy

ISO Domain 6: Organization of Information Security Standard

Risk Management Strategies

Formal Risk Assessment Process

Informal Risk Assessment Process

 
ISO Domain 7: Human Resource Security Policy

ISO Domain 7: Human Resource Security Standard

Employment Separations and Position Change

Information Security Training and Awareness Activities

Personnel Security Standard (Section 9)

Information Security Awareness Training Standard (Section 10)

ISO Domain 8: Asset Management Policy

ISO Domain 8: Asset Management Standard

Data Classification

Cloud Storage and Services

Data Inventory Procedure (Section 16)

Cloud Procurement Standard (Section 17)

Information Asset Management (Section 18)

ISO Domain 9: Access Control Policy | ISO Domain 9: Access Control Standard | Access Control Standard (Section 15)
ISO Domain 10: Cryptography Policy | ISO Domain 10: Cryptography Standard
ISO Domain 11: Physical and Environmental Security Policy | ISO Domain 11: Physical and Environmental Security Standard | Physical Security Standard (Section 20)
ISO Domain 12: Operations Security Policy | ISO Domain 12: Operations Security Standard

Vulnerability Management Standard (Section 11)

Monitoring Standard (Section 12)

Configuration Management Standard (Section 13)

Change Control Standard (Section 14)

ISO Domain 13: Communications Security Policy | ISO Domain 13: Communications Security Standard
ISO Domain 14: Systems Acquisition, Development and Maintenance Policy | ISO Domain 14: Systems Acquisition Standard
ISO Domain 15: Supplier Relationships Policy | ISO Domain 15: Supplier Relationships Standard
ISO Domain 16: Information Security Incident Management Policy | ISO Domain 16: Incident Management Standard | Incident Response Standard (Section 19)
ISO Domain 17: Information Security Aspects of Business Continuity Management Policy | ISO Domain 17: Business Continuity Management Standard
ISO Domain 18: Compliance Policy

ISO Domain 18: Compliance Standard

Standards Enforcement

Exceptions

Compliance Standard (Section 21)

Enforcement Standard (Section 22)

Definitions  
Privacy of Personal Information  
Debit/Credit Card Payment Policy  

Responsible Use Policy

CALREN Acceptable Use Policy

  
  Personal Confidential Information
  Computer and Network Usage