History
- Business Practice Number: BP.05.004
- Version: 1
- Drafted By: Neal Fisch
- Approved By: Michael Berman
- Approval Date: 05/08/2017
- Latest Revision Date: 07/16/2024
Purpose
Provide support of for Access Review.
Background
To support , CI must develop procedures to detect unauthorized access and privileges assigned to authorized users that exceed the required access rights needed to perform their job functions. Appropriate campus managers and data stewards must assess, at least annually, user access rights to information assets containing protected level 1 data. The results of the assessment must be documented and stored.
Business Practice
Accountability
Associate Vice President for Information Technology Services
Chief Information Security Officer
Appropriate campus managers and data stewards
Applicability
Anyone with access to CI computer systems
Definition(s)
Protected Data – Data classified as Level 1 Confidential as prescribed in the recognized campus data classification standard.
Security Lead – Designated resource responsible for security role creation and changes or security administration.
CISO – Chief Information Security Officer
Text
General
Having the correct level of access is paramount to the security of CI’s information assets. To validate that appropriate levels of access are in place, and in support of the for access review, CI will perform annual access assessments for systems that contain protected level 1 data. These assessments will be coordinated by the campus Information Security Officer with participation by the appropriate data steward(s), system/module security lead(s)/administrator(s), and appropriate campus management if needed.
Exhibit(s)
Assessment History
Description | Frequency | Role Assigned |
---|---|---|
Annual assessment of business practice | Annual - July | CISO |
Annual assessment of user access | Annual - July | System's Security Admin |
Annual attestation of access review | Annual - July | System's Security Admin |