Lo Que Pasa

New Information Security Guidance

Submitted by: University Information Technology Services

Several new information security standards, procedures and guidelines will become effective on July 1, 2009. This guidance was developed pursuant to the Board of Regents' IT security policy and the recommendations of the Arizona Auditor General's Office in connection with an IT Security Performance Audit. Progress toward implementation is reported periodically to the Board of Regents and to the Arizona Legislature.

Notice of the drafts was distributed in the January 2009 ua.InfoSec Monthly Update and to several stakeholder groups. Comments were received from members of the Information Security Advisory Committee and other stakeholders. Brief descriptions and URLs follow.

Data Classification Standard,
http://www.security.arizona.edu/files/ISS302.pdf
Consolidates in a single standard existing confidential university data and personal information classifications.

Application Security Standard,
http://www.security.arizona.edu/files/ISS801.pdf
Integrates security into the development of in-sourced and outsourced applications.

Web Application Assessment Procedure,
http://www.security.arizona.edu/appscan
Describes a process for using a web application security assessment tool. Includes information on compliance scans to be conducted by the Information Security Office.

Critical Device Scanning Procedure,
http://www.security.arizona.edu/scan
Describes a process for using a network vulnerability scanning tool. Includes information on compliance scans to be conducted by the Information Security Office.

Incident Response Standard,
http://www.security.arizona.edu/files/ISS1100.pdf
Identifies roles and establishes responsibilities for information security incidents. Replaces the existing Incident Handling Standard.

Incident Response Plan,
http://www.security.arizona.edu/files/ISP1100.pdf
Describes the process for responding to incidents that could have a serious impact on UA.

Incident Handling Guideline,
http://www.security.arizona.edu/files/ISG1100.pdf
Includes detailed processes for investigation, containment, recovery and follow-up for information security incidents. Replaces the existing Incident Handling Guideline.

Risk Assessment Standard,
http://www.security.arizona.edu/files/ISS1200.pdf
Establishes a requirement for regular risk assessment.