Crosswalk from ICSUAM Section 8000 to CSU System Information Security Policy
The CSU Chancellor’s Office undertook a project to simplify and streamline system-wide information security policies and standards. The results of this project were:
- Consolidation of 22 separate and stand-alone information security policies into a comprehensive system-wide information security policy.
- Consolidation of 23 separate and stand-alone information security standards into a comprehensive set of system-wide information security standards.
The single comprehensive information security policy and the information security standards are both aligned with ISO 27002:2013 (Information technology — Security techniques — Code of practice for information security controls) as the system’s preferred industry framework for implementing minimum information security controls.
Before the policy and standards simplification project, CSU system information security policies and standards were located in section 8000 of the Integrated CSU Administrative Manual (ICSUAM). As campuses may still have campus-specific policies and standards that reference the old ICSUAM numbering system, this crosswalk is provided to help campuses quickly compare ICSUAM numbers to the corresponding new sections of the CSU System Information Security Policy.
ICSUAM Policy Number and Name | CSU Information Security Policy Heading |
---|---|
8000.00 Introduction and Scope (2010) | |
8005.00 Policy Management (2010) | |
8010.00 Establishing an Information Security Program (2010) | |
8015.00 Organizing Information Security (2010) | |
8020.00 Information Security Risk Management (2010) | |
8030.00 Personnel Information Security (2010) | |
8035.00 Information Security Awareness and Training (2010) | |
8040.00 Managing Third Parties (2010) | |
8045.00 Information Technology Security (2010) | |
8050.00 Configuration Management (2010) | |
8055.00 Change Control (2010) | |
8060.00 Access Control (2010) | |
8065.00 Information Asset Management (2010) | |
8070.00 Information Systems Acquisition, Development and Maintenance (2010) | |
8075.00 Information Security Incident Management (2010) | |
8080.00 Physical Security (2010) | |
8085.00 Business Continuity and Disaster Recovery (2010) | |
8090.00 Compliance (2010) | |
8095.00 Policy Enforcement (2010) | |
8100.00 Electronic and Digital Signatures (2015) |
Crosswalk from ICSUAM Section 8000 to CSU System Information Security Standards Headings
Before the policy and standards simplification project, CSU system information security policies and standards were located in section 8000 of the Integrated CSU Administrative Manual (ICSUAM). As campuses may still have campus-specific policies and standards that reference the old ICSUAM numbering system, this crosswalk is provided to help campuses quickly compare ICSUAM numbers to the corresponding new sections of the CSU System Information Security Standards.
ICSUAM Standard Number and Name | CSU Information Security Standards Heading |
---|---|
8015.S000 Information Security Roles and Responsibilities (2013) | |
8020.S000 Information Security Risk Management-Exception Standard (2015) | |
8020.S001 Information Security Risk Management-Risk Assessment Standard (2015) | |
8030.S000 Personnel Security (2013) | |
8035.S000 Security Awareness and Training (2013) | |
8040.S001 Third Party Security Standards (2012) | |
8045.S200 Malicious Software Protection (2014) | |
8045.S300 Network Controls Management (2013) | |
8045.S301 Boundary Protection and Isolation (2014) | |
8045.S302 Remote Access to CSU Resources (2013) | |
8045.S400 Mobile Device Management (2013) | |
8045.S600 Logging Elements (2014) | |
8050.S100 Configuration Management--Common Workstation Standard (2015) | |
8050.S200 Configuration Management--High Risk/Critical Workstation Standard (2015) | |
8055.S01 Change Control (2011) | |
8060.S000 Access Control (2013) | |
8065.S001 Asset Management (2013) | |
8065.S02 Data Classification Standards (2011) | |
8065.S003 Information Asset Management-Cloud Storage & Servers (2017) | |
8070.S000 Application Security (2015) | |
8075.S000 Information Security Incident Management (2014) | |
8080.S01 Physical and Environmental Security (2011) | |
8100.S01 CSU Electronic and Digital Signature Standards and Procedures (2016) |
Crosswalk from ICSUAM Section 7100 to CSU Policy Stat
ICSUAM Standard Number and Name | Policy Stat |
---|---|
7100 Identity Access Management |