Office of Information Security

Overview

Office of Information Security

Information security refers to the protection of information, information systems, equipment, software, and people from a wide spectrum of threats and risks. Implementing appropriate security measures and controls to provide for the confidentiality, integrity, and availability of information, regardless of its form (electronic, optical, oral, print, or other media), is critical to ensure business continuity, and protect information assets against unauthorized access, use, disclosure, disruption, modification, or destruction. Information security is also the means by which privacy of personal information held by state entities is protected (California State Administrative Manual).

Information Security Program

The Long Beach Community College District (LBCCD) is committed to protecting and managing its information assets. Therefore, LBCCD has adopted the California Community College Information Security Standard as defined by the California Community College (CCC) Security Center. LBCCD’s information security standards, best practices, and guidelines shall align with or be derived from the CCC’s Information Security Standard or applicable administrative regulations.

As part of this program, Instructional & Information Technology Services’ (IITS) Information Security Plan was created to describe the development, implementation, and management of applicable administrative, physical, and technical controls to protect the institution’s data and information systems.

Basic Principles

The CIA triad (Confidentiality, Integrity, and Availability) is a model that is used to guide security policy development. In the context of the CIA triad, ISO27002 defines information security as the preservation of the following.

Confidentiality Ensuring that information is accessible only to those authorized to have access.
Integrity Safeguarding the accuracy and completeness of information and processing methods.
Availability Ensuring that authorized users have access to information and associated assets when required.

Data Classification

LBCCD collects, compiles, stores, and manipulates data from a variety of sources. In order to apply the appropriate security protocols for safeguarding the data, the college must first classify the data into one of three levels: (1) confidential, (2) internal use, and (3) general.

Level 1: Confidential Protected data that is sensitive in nature, poses a severe risk if exposed, and/ or is governed by legal statute.
Level 2: Internal Use Protected data that is sensitive in nature, and/ or poses a moderate risk if exposed.
Level 3: General Disclosure of this information does not expose the college to financial loss or jeopardize the security of the college’s information assets.

Further details regarding data classifications can be found in the Long Beach Community College District Data Classification Standard.

If You See Something, Say Something!

Cybersecurity is a shared responsibility. Please report suspicious emails or possible unauthorized access to computers, software, or websites to the IITS Help Desk.

Protect your password! Administration Regulation 6006 specifically prohibits the sharing of login credentials. Never provide your password to anyone – not your coworker, not your boss, not even IITS.