Security Policy and Compliance
Services relating to institutional policy or compliance
Information Security Program Council
The Information Security Program Council (ISPC) sets information security program priorities, responds to input from the working groups, and formally adopts policies and procedures. In addition to working group team leads, it consists of a core group of senior leaders and others who have a vested interest in assuring the success of the information security program.
Policies & Standards
Our team works closely with the campus community to develop, review and publish cyber security policies and standards. Be sure to review them on a regular basis and check for updates frequently.
Cybersecurity Awareness Training
Cybersecurity is everyone's job, and to that end, we require Cybersecurity Awareness Training be completed by all staff on an annual basis.
Click the link below to access your cybersecurity awareness training. You will be taken to the SUNY single sign-on page, where you should select “Stony Brook” from the dropdown menu. You will then be directed to the familiar NetID login screen.
Vendor & Contract Review
Our team reviews and comments on potential vendors and their proposed contracts. It is best to engage us early so we can fully review the offering and help you pick an appropriate vendor, rather than waiting to start this process during procurement.
Data Use Agreement Review & Security Attestations
Are you looking to accept data on behalf of the University? You will no doubt be asked to review and sign a data use agreement, which commonly requires a specified level of security practices and procedures. We can help interpret the requirements and review your planned computing environment to determine if the means to comply with those requirements are available.
Data Security Standards
Stony Brook University is committed to the confidentiality, integrity, and availability of information important to the University's mission. Data must be protected using the appropriate security measures consistent with the minimum standards for the classification category, where available.
Data Classification Policy
Stony Brook classifies physical and electronic data into three risk-based categories for the purpose of determining access, permissions, and security precautions. This facilitates applying the appropriate security controls to university data and assists data caretakers in determining the level of security required to protect data on the systems for which they are responsible.
User Logon Banner and E-Mail Disclaimer
The Incident Response Working Group (IRWG), in collaboration with legal counsel, has created approved language for banner presentation to end users when logging into university systems and services. The group has also provided approved language for e-mail signature disclaimers to better protect information transmitted via e-mail.