Security STANDARDS


The ECSU Security Standards originate in the International Standards Organization (ISO) 27002 Controls for information security. ISO 27002 contains internationally recognized best practices for information security. 

The Security Standards outline the conditions necessary to adequately assure compliance with ECSU Trustee Policy 700.2.7 by University employees. All university departments must comply with the standards by following their adapted procedures, which must meet or exceed the minimum requirements established by the Security Standards. Compliance is verified through institutional and third-party assessments and audits.

Security Program Structure

PROGRAM OVERVIEW (PDF)
 

ACCESS CONTROL (PDF)

STANDARD FOR ACCOUNT PASSWORDS

STANDARD FOR BUSINESS REQUIREMENTS FOR ACCESS CONTROL

STANDARD FOR RESPONSIBLE USE

STANDARD FOR SYSTEM AND APPLICATION ACCESS CONTROL

STANDARD FOR USER ACCESS MANAGEMENT

BUSINESS CONTINUITY MANAGEMENT (PDF)

STANDARD FOR INFORMATION SECURITY CONTINUITY

COMMUNICATIONS SECURITY (PDF)

STANDARD FOR COMMUNICATIONS SECURITY

COMPLIANCE (PDF)

STANDARD FOR COMPLIANCE WITH LEGAL AND CONTRACTUAL REQUIREMENTS
STANDARD FOR INFORMATION SECURITY REVIEWS
PAYMENT (CREDIT/DEBIT) CARD PROCESSING STANDARD

DATA MANAGEMENT (PDF)

STANDARD FOR INFORMATION CLASSIFICATION
STANDARD FOR HARDWARE AND MEDIA DISPOSAL

HUMAN RESOURCES SECURITY (PDF)

STANDARD FOR INFORMATION SECURITY RELATED TO EMPLOYEES
STANDARD FOR TELEWORKING

INFORMATION SECURITY INCIDENT MANAGEMENT (PDF)

STANDARD FOR INFORMATION SECURITY INCIDENTS

INFORMATION SECURITY ORGANIZATION (PDF)

STANDARD FOR INFORMATION SECURITY OVERSIGHT

MOBILE AND REMOTE ACCESS (PDF)

STANDARD FOR MOBILE DEVICES (PROPOSED)

OPERATIONS SECURITY (PDF)

STANDARD FOR OPERATIONS SECURITY

PHYSICAL AND ENVIRONMENTAL SECURITY (PDF)

STANDARD FOR PHYSICAL AND ENVIRONMENTAL SECURITY - EQUIPMENT
STANDARD FOR PHYSICAL AND ENVIRONMENTAL SECURITY - SECURE AREAS

SYSTEM ACQUISITION, DEVELOPMENT AND MAINTENANCE (PDF)

STANDARD FOR PROTECTION OF TEST DATA
STANDARD FOR SECURITY IN DEVELOPMENT AND SUPPORT PROCESSES
SECURITY REQUIREMENTS OF INFORMATION SYSTEMS

VENDORS AND EXTERNAL PARTIES (PDF)

STANDARD FOR INFORMATION SECURITY RELATED TO VENDORS AND EXTERNAL PARTIES

Direct your questions about these standards to the DIT Information Security Office at infosec@ecsu.edu. ISO 27002 was adopted by UNC and Elizabeth City State University in 2012. All ECSU Security Standards and guidelines are based on this code of practice for Information Security Management.