Information Security Policies
Policies
Security Incident Reporting
Policies
It is the collective responsibility of all users to ensure the confidentiality, integrity, and availability of information assets owned, leased, or entrusted to SDSU Research Foundation in an effective, efficient, ethical, and legal manner. Users are expected to use good judgment and reasonable care in order to protect and preserve the integrity of research foundation equipment, its data and software, and its access. Users are responsible for observing policies related to the use of all internal and external computers or networks. Use of SDSU Research Foundation systems constitutes your understanding of agreement to the terms and conditions in the SDSURF SDSU Research Foundation, CSU, and SDSU IT Security Policies and Standards.
SDSU Research Foundation Information Security Policies
Information Assets Responsible Use Policy
Data Classification and Handling Policies
CSU and SDSU IT Security Policies, Standards, and Procedures
The Board of Trustees of the California State University (CSU) and SDSU is responsible for protecting the confidentiality, integrity and availability of CSU information assets. Unauthorized modification, deletion, or disclosure of information assets can compromise the mission of the CSU, violate individual privacy rights, and possibly constitute a criminal act. Auxiliaries (including SDSU Research Foundation), external businesses, and organizations that use campus information assets must operate those asses in conformity with CSU and SDSU policies.
SDSU IT Security Policies, Standards, and Procedures
CSU Information Security Policies and Standards
Security Incident Reporting
If you become aware of a potential breach of protected data or of security issues regarding SDSU Research Foundation computers or network resources, you must report it to the SDSU IT Security Office immediately.
SDSU has a Security Incident Response Plan and a Cyber Incident Response Team (CIRT) to help coordinate investigations and responses to potential incidents.
CIRT has implemented the following incident response procedures if you suspect that your systems or information may have been compromised:
- If you become aware of or suspect potential exposure of protected data or security issues regarding SDSU Research Foundation or SDSU computers or network resources, report it to the SDSU Information Security Office immediately: https://ServiceNow.sdsu.edu/incident. Immediate reporting can help reduce potential exposure and help ensure legal and contractual reporting requirements are met.
- The SDSU Information Security Officer, or their designee, will act as the Incident Response Manager (IRM) and with the assistance of you and your team, will coordinate all aspects of the incident response process, engaging appropriate campus resources to help ensure investigations, communications and responses comply with all applicable policies, contractual agreements, and laws and are appropriately documented. You must coordinate with the SDSU Information Security Office before initiating any actions or communications during the incident response process.
- After reporting the incident to the SDSU IT Security Office, report it to your supervisor and to SDSURF Risk Management at sdsurfriskmanagement@sdsu.edu.
- If the incident involves lost, stolen or missing equipment, you must also file a report with SDSU Public Safety 619-594-1991 and coordinate with the asset custodian to complete the Lost Computer Equipment Form.
- Phishing and fraudulent emails should be forwarded to fraud@sdsu.edu.
More detailed information about the SDSU Security Incident Response Plan (SIRP) is available in the SDSU Information Security Plan, Section 2.0 Introduction to the IT Security Response Program (SIRP).
* Note: Documents in Portable Document Format (PDF) require Adobe Acrobat Reader 9.0 or higher to view. Download Adobe Acrobat Reader