...
System Criticality | Data Classification | |||
|---|---|---|---|---|
Sensitive | Confidential | Internal | Public | |
Mission Critical | HighLevel 3 | Level 3 | Level 3 | Level 3 |
Core | Level 3 | Level 2 | Level 2 | Level 2 |
Business Critical | Level 3 | Level 2 | Level 2 | Level 1 |
Operational | Level 3 | Level 2 | Level 1 | Level 1 |
...
The WVU Information Security Policy identifies that Information Technology Services is responsible for establishing the rules to safeguard the hardware, software, and information systems utilized at WVU. The governance established by ITS applies to all units, faculty, staff, affiliates, and vendors with access to WVU systems and data. The table below identifies the minimum security requirements for a WVU system or application based on the classification of the data stored within the system and/or the system’s criticality. Security requirements are based on implemented technology governance and are organized below based on the NIST Cybersecurity Framework
...
Integrity means guarding against improper information modification or destruction, and includes ensuring information non-repudiation and authenticity. A loss of integrity is the unauthorized modification or destruction of infromationinformation.
Availability mean ensuring timely and reliable access to and use of information. A loss of availability is the disruption of access to or use of information or an information system.
...
Security Control | High | Moderate | Low |
|---|---|---|---|
Anti-virus installed and running Real-Time scanning |
|
|
|
Send logs to Security Event Management (SIEM) system (Splunk) |
| ☑ | ☑ |
Automate alerting on logging failures |
| ☑ | ⬜ |
Retain logs for 1 year or no less than 90 days for High/Moderate and 90 days for Low |
|
| ☑ |
Vulnerability Management
Governance: Vulnerability Management Standard
...