Office of Information Security
Information security refers to the protection of information, information systems, equipment, software, and people from a wide spectrum of threats and risks. Implementing appropriate security measures and controls to provide for the confidentiality, integrity, and availability of information, regardless of its form (electronic, optical, oral, print, or other media), is critical to ensure business continuity, and protect information assets against unauthorized access, use, disclosure, disruption, modification, or destruction. Information security is also the means by which privacy of personal information held by state entities is protected (California State Administrative Manual).
Information Security Program
The Long Beach Community College District (LBCCD) is committed to protecting and managing its information assets. Therefore, LBCCD has adopted the as defined by the California Community College (CCC) Security Center. LBCCD’s information security standards, best practices, and guidelines shall align with or be derived from the CCC’s Information Security Standard or applicable administrative regulations.
As part of this program, Information Technology Services’ (ITS) Information Security Plan was created to describe the development, implementation, and management of applicable administrative, physical, and technical controls to protect the institution’s data and information systems.
The CIA triad (Confidentiality, Integrity, and Availability) is a model that is used to guide security policy development. In the context of the CIA triad, ISO27002 defines information security as the preservation of the following.
|Ensuring that information is accessible only to those authorized to have access.
|Safeguarding the accuracy and completeness of information and processing methods.
|Ensuring that authorized users have access to information and associated assets when required.
LBCCD collects, compiles, stores, and manipulates data from a variety of sources. In order to apply the appropriate security protocols for safeguarding data, the college must first classify the data into one of the three following levels:
|Level 1: Confidential
|Protected data that is sensitive in nature, poses a severe risk if exposed, and/ or is governed by legal statute.
|Level 2: Internal Use
|Protected data that is sensitive in nature, and/ or poses a moderate risk if exposed.
|Level 3: General
|Disclosure of this information does not expose the college to financial loss or jeopardize the security of the college’s information assets.
Further details regarding data. classifications can be found in the Long Beach Community College District Data Classification Standard.