Northeastern Policies and Legal Notices

NP 6-10 – Cyber Security Policy

Approved:

Effective:

BP 6-10 Cyber Security Policy

REFERENCES:  Family Educational Rights and Privacy Act, 20 U.S.C. §1232g, 34 CFR. Part 99 Gramm-Leach-Bliley Act, 15 U.S.C. 6801-6809, 16 CFR. Part 314 C.R.S. § 24-73-101–103, Protection of Personal Identifying Information Act of 2018

SP 6-10a Acceptable Use of Information Assets Procedure

REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy; Board Policy (BP) 3-125; Electronic Communication Policy; System Procedure (SP) 6-10b Access and Authentication; System Procedure (SP) 6-10s, Remote Access

SP 6-10b Access and Authentication

REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy

SP 6-10c Anti-virus and Anti-malware Management

REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy

SP 6-10d Information Asset Management

REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy System Procedure (SP) 6-10a, Acceptable Use of Information Assets System Procedure (SP) 6-10k, Data Classification, Handling, and Protection System Procedure (SP) 6-10p, IT Risk Management System Procedure (SP) 6-10t, Security Testing

SP 6-10e Audit Logging and Monitoring

REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy System Procedure (SP) 6-10b, Access and Authentication System Procedure (SP) 6-10r, Physical Security and Access System Procedure (SP) 6-10q, Network Device Configuration System Procedure (SP) 6-10c, Anti-Virus and Anti-Malware Management System Procedure (SP) 6-10f, Backup and Recovery System Procedure (SP) 6-10n, Information Security Incident Response

SP 6-10f Backup and Recovery

REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy System Procedure (SP) 6-10o, Information Technology Continuity

SP 6-10h Clear Desk

REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy

SP 6-10i Cloud Security

REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy

SP 6-10j Email Security

REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy System Procedure (SP) 6-10a, Acceptable Use of Information Asset System Procedure (SP) 6-10e, Audit Logging and Monitoring System Procedure (SP) 6-10k, Data Classification, Handling, and Protection

SP 6-10k Data Classification, Handling, and Protection

REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy

SP 6-10l Data Retention and Disposal

REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy Board Policy (BP) 3-110, Records Management System Procedure (SP) 3-100, Evidence Preservation Procedure

SP 6-10m Exception Management

REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy

SP 6-10o Information Technology Continuity

REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy System Procedure (SP) 6-10f, Backup and Recovery

SP 6-10p Information Technology Risk Management

REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy

SP 6-10q Network Device Configuration

REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy

SP 6-10r Physical Security and Access Procedure

REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy System Procedure (SP) 6-10h, Clear Desk Procedure

SP 6-10s Remote Access

REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy

SP 6-10t Security Testing

REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy

SP 6-10u Security Awareness Training

REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy

SP 6-10v Server and Workstation Configuration

REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy System Procedure (SP) 6-10b, Access and Authentication System Procedure (SP) 6-10c, Anti-Virus and Anti-Spyware Management

SP 6-10x Third Party Management

REFERENCES: Board Policy (BP) 6-10, Cyber Security Policy System Procedure (SP) 6-10a, Acceptable Use of Information Assets System Procedure (SP) 6-10s, Remote Access

Approved: