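Overview: This information security program describes the safeguards implemented by Davidson College to protect confidential data. The goal of the program is to ensure the security of these assets in an effort to support Davidson College's academic mission and culture. These safeguards are provided to:

(i) ensure the security and confidentiality of all information assets and data, including confidential, non-public data,

(ii) protect against any anticipated threats or hazards to the security of such assets, and

(iii) protect against unauthorized access to or use of such assets in a manner that could result in substantial harm or inconvenience to customers.

Confidential Data: In Davidson College's Administrative Data Security Policy, "confidential data" is defined as data that is protected by federal and state regulations and that is to be used only by individuals who need the information in the course of performing their College functions. For these purposes, confidential data includes, but is not limited to, financial information, academic and employment information, and other private paper and electronic records.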

Designation of Representatives: The Institution's Information Security Analyst & Program Manager is designated as the Program Coordinator who shall be responsible for coordinating and overseeing the program. The Program Coordinator may designate other representatives of the Institution to oversee and coordinate particular elements of the program. (For instance, the Director of Public Safety/Chief of Police has been designated as the coordinator for all paper records and physical security.) Any questions regarding the implementation of the program or the interpretation of this document should be directed to the Program Coordinator or his or her designees.

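Risk Identification and Assessment: Davidson College identifies and assesses internal and external risks to the security and confidentiality of confidential data that could result in unauthorized disclosure, misuse, alteration, destruction or other compromise of such information, and assesses whether the safeguards in place are sufficient to control these risks by:

(i) performing risk assessments annually, rotating between internal assessments and risk assessments performed by external vendors,

(ii) putting monitoring safeguards in place to detect and identify potential threats, and

(iii) monitoring advisory groups such as SANS, REN-ISAC, EDUCAUSE and others to keep up with any new threats that may develop.

Davidson College identifies and assesses risks in the relevant areas, including:

(i) employee training and management,

(ii) information systems, networks and software, including design, as well as information processing, storage, transmission and disposal; and

(iii) detecting, preventing and responding to attacks, intrusions, or other system failures.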

Safeguards: The designated Program Coordinator will regularly monitor administrative, technical, and physical safeguards to control the risks identified through the assessments described above and will regularly test or otherwise monitor the effectiveness of those safeguards. The Technology & Innovation (T&I) division of the college designs and implements safeguards in areas highlighted by the aforementioned assessments. An internal T&I document outlines Davidson College's procedure for implementing and assessing these safeguards.

Service Providers: Davidson College will, upon hiring or contracting third party service providers, ensure that they take similar steps to protect confidential data as outlined above. T&I has an internal document that states the security requirements current or potential providers must adhere to in order to protect Davidson's confidential data. Additionally, Davidson College has a documented process for evaluating IT service providers, including firms that host Davidson data or provide software as a service (SaaS) or similar solutions.

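Program Adjustment: The designated Program Coordinator is responsible for adjusting and periodically re-evaluating the program based on the risk assessments, or when material changes occur that may significantly affect Davidson's operations. The designated Program Coordinator will review this program at least annually to ensure that it reflects Davidson's practices and complies with regulatory requirements.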