Security Operations Policy

Purpose

To provide Pomona College with guidance to develop and implement the appropriate protective safeguards to ensure the confidentiality, integrity, and availability of Pomona College assets and information.

Policy

Security operations safeguard Pomona College information assets that reside within the Pomona College information system. These practices help identify threats and vulnerabilities and implement controls to reduce the overall risk to Pomona College assets. Pomona College exercises due care and due diligence by taking reasonable measures to protect its assets on an ongoing and continual basis.

Summary

  • Pomona College develops, documents and maintains baseline configurations for its information system and related components including standard software packages for all devices, current version numbers, patch information and so forth.
  • Pomona College requires Faculty and Staff to notify Pomona College ITS when traveling to locations that the College deems to be of significant risk and will issue specially configured devices and system components to travelers to mitigate potential risk. Data residing on mobile devices will be protected as part of this.
  • Only qualified and authorized individuals are permitted access for the purpose of changes or upgrades.
  • A “deny-all, permit by exception” policy is employed to allow only the execution of authorized software on the Pomona College system.
  • A configuration management plan and system is maintained that will track configuration items including hardware and software through its lifecycle.

Security Operations Policy Details [pdf]