Acquisition Assessment Policy
Defines responsibilities regarding corporate acquisitions, and defines the minimum requirements of an acquisition assessment to be completed by the information security group. Read the Article
Administrative Computing Security Policy
This policy outlines the responsibilities of users, data stewards, application stewards, systems administrators and management to assure the availability, integrity and confidentiality of a University. Read the Article
Audit Vulnerability Scanning Policy
Defines the requirements and provides the authority for the information security team to conduct audits and risk assessments to ensure integrity of information/resources and to investigate incidents. Read the Article
Critical PennNet Host Security Policy
This policy describes the requirements and constraints for attaching and securing a critical computer to PennNet. It also provides "best practice" recommendations to guide systems administrators. Read the Article
DMZ Lab Security Policy
Defines standards for all networks and equipment deployed in labs located in the "Demilitarized Zone" or external network segments. Read the Article
Ethics Policy
Defines the means to establish a culture of openness, trust and integrity in business practices. Read the Article