Assets Must Be Protected
Assets must be protected and secured based on their value and sensitivity.
- Open information sharing and disclosure must be balanced with the need to restrict the availability of confidential, proprietary, and sensitive information.
- Federal and state laws and regulations mandate data privacy compliance.
- Security is a continual process.
- Risks need to be identified and managed.
- Security must be designed “up front” into applications, data elements and technology infrastructure.
- Systems, data, and technologies must be protected against unauthorized access and handling.
- Information sources must be protected against unauthorized or accidental modifications, fraud, catastrophes, or disclosure.
- Security measures must be consistently applied to be effective.
- Security is a shared responsibility by the entire Tufts community.