- Get help
- Services
- Announcements & alerts
- Service outages
- Security alerts
- Major initiatives
- Using automation to drive efficiency and innovation at ¶¡ÏãÔ°AV
- Welcome to the new ¶¡ÏãÔ°AV Mail: now faster, secure, intuitive
- Reintroducing IT ServiceHub: Your One-Stop IT Support Platform
- Supporting ¶¡ÏãÔ°AV's Digital Transformation with Exchange Online
- Important changes to ¶¡ÏãÔ°AV email practices
- Transforming the ¶¡ÏãÔ°AV experience through digital improvements - Key Initiatives in Progress
- Jovanna Sauro wins ¶¡ÏãÔ°AV Personal Achievement Award
- Improve your cellular coverage by enabling WiFi Calling
- New committee guides transformative changes at ¶¡ÏãÔ°AV
- Expanded identity options for students within ¶¡ÏãÔ°AV applications
- ¶¡ÏãÔ°AV works toward keeping devices out of landfills
- A journey to improved WiFi
- Help us, help you, connect to better WiFi
- IT Services' new support system: ServiceHub
- Information Security Essential Courses
- IT Services leadership announcement
- University Wide Password Change Initiative
- April 2021 technical issue
- Telephone System Core Infrastructure Upgrade
- Decommissioning fraser.sfu.ca
- About
- Information security
Information Security Standards
Procedures, Standards & Resources
¶¡ÏãÔ°AV (the "University") is committed to protecting the Digital Information and Electronic Systems that are critical to teaching, research, business operations, and other University activities that are vital to the work and communities we support.
As required under Policy GP 24: Acceptable Use and Security of Digital Information and Electronic Systems, the Chief Information Security Officer (CISO) has published Information Security Standards that govern the use and protection of University data and computing resources.
All users of ¶¡ÏãÔ°AV Electronic Information and Systems are responsible for following these standards.
| No. | Standard | Purpose | Scope | Date Revised (mm/dd/yyyy) |
| 01 | Vulnerability Management Standard [PDF] |
As ¶¡ÏãÔ°AV becomes more dependent on Electronic Systems to achieve new, strategic objectives and sustain ongoing operations, there is an increasing risk of disruption from potential exploitation of vulnerabilities in those systems. The purpose of this standard is to reduce the risk of compromise through a consistent and repeatable Vulnerability Management Program. |
This standard applies to the Electronic Systems that provide or support ¶¡ÏãÔ°AV services hosted within ¶¡ÏãÔ°AV cloud, the campus network, third party data centers, and cloud service providers. |
09/14/2023 |
| 02 | Logging and Monitoring Standard [PDF] |
The purpose of this standard is to establish requirements for security logging, monitoring, and event management to detect unauthorized activities and enable incident investigation and response for ¶¡ÏãÔ°AV’s Digital Information and Electronic Systems. | This standard applies to the applications, servers, workstations, and infrastructure that provides or supports University services hosted within ¶¡ÏãÔ°AV Cloud, the corporate network, third party data centers, and cloud service providers. This standard is aimed at University IT staff. |
02/08/2024 |
| 03 | Identity and Access Management Standard [PDF] | The purpose of this standard is to regulate access to ¶¡ÏãÔ°AV's Digital Information and Electronic Systems, ensuring only necessary privileges are granted. This protects against unauthorized access, modification, or destruction, while maintaining data confidentiality, accuracy, and availability. | This standard applies to all campuses, faculty, staff, students, researchers, alumni, retirees, consultants, contractors, internal and external affiliated individuals and organizations, visitors, digital information, applications, and electronic systems including externally hosted services, and personal devices where creating, processing, maintaining, transmitting, or storing institutional data takes place. | 10/03/2024 |