Assets Must Be Protected

Description

Assets must be protected and secured based on their value and sensitivity.

Rationale

  • Open information sharing and disclosure must be balanced with the need to restrict the availability of confidential, proprietary, and sensitive information.
  • Federal and state laws and regulations mandate data privacy compliance.
  • Security is a continual process.
  • Risks need to be identified and managed.

Implications

  • Security must be designed “up front” into applications, data elements and technology infrastructure. 
  • Systems, data, and technologies must be protected against unauthorized access and handling. 
  • Information sources must be protected against unauthorized or accidental modifications, fraud, catastrophes, or disclosure.
  • Security measures must be consistently applied to be effective.
  • Security is a shared responsibility by the entire Tufts community.