Top 5 Security Tips for Academic Leaders (Chairs and Deans)

How can you as an academic leader enhance the security practices of your department?  The following 5 security topics will help you protect your department against the ever growing body of threats.

1. Training and Awareness 

All employees are required to complete the online information security awareness training provided by the Chancellor’s Office (located in the DTS).

To check the status of who has taken the training, reports are available in the DTS. 

This requirement is addressed in ICSUAM Policy 8035: Information Security Awareness and Training

2. Data Classification and Protection

data protection table

You can learn more 

This is requirement is addressed in ICSUAM Policy 8065: Information Asset Management

3. Records Retention 

Records encompass information collected and stored by the University. How long you must keep these records depends upon what the data is. The CSU Chico records retention page outlines responsibilities and requirements including record types and required retention periods: 

This topic is addressed in CSU Executive Order 1031: Records Retention and Disposition

4. Cloud Security

CSU data should only be stored in approved cloud service providers.

cloud security data storage

If your department decides to purchase a cloud based service, then departmental administrators may be responsible for contractual and security compliance efforts for the cloud based service.  

More information can be found at: Duties of a Cloud Application Responsible Administrator

This topic is addressed in CSU Chico Cloud Security Standards

5. Access Control and Personnel Security

Department and College personnel with Human Resources assignments play a pivotal role in the timely provisioning and removal of access to campus services.  You should be aware of HR and other processes that provide access to University data and the importance of working with Human Resources to ensure accurate completion of HR transactions for all faculty, staff, and student employees. 

Addressed in ICSUAM 8060: Access Control & ICSUAM 8030: Personnel Information Security

5+. Procurement of IT related resources and services

All purchases of IT services, whether for state use or through a contract or grant, must follow the Information Technology Procurement Review (ITPR) processes.  The ITPR process is designed to allow the campus to ensure that products are not unnecessarily duplicated (wasting money), contracts are properly negotiated, and that potential vendors follow required CSU and CSU, Chico policies and standards.  

To start the ITPR process create a ticket in TeamDynamix:  IT Procurement Review (ITPR) 

This topic is addressed in ICSUAM 8040: Managing Third Parties