An Information Security Plan (ISP) is designed to protect information and critical resources from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities. Information Technology (IT) security is achieved by implementing a suitable set of controls, including policies, processes, procedures, organizational structures, and software and hardware functions. These controls need to be established, implemented, monitored, reviewed and improved, where necessary, to ensure that the specific security and business objectives of Michigan Technological University are met.
This plan governs the privacy, security, and confidentiality of University data, especially highly sensitive data, and the responsibilities of departments and individuals for such data. IT security measures are intended to protect information assets and preserve the privacy of Michigan Tech employees, students, sponsors, suppliers, and other associated entities. Inappropriate use exposes Michigan Tech to risks including virus attacks, compromise of network systems and services, and legal issues.
All users of Michigan Tech’s information technology resources are required to follow 2.1009 Information Security Compliance Policy and are bound by this plan as well as other University policies and procedures as terms of their employment. All employees share responsibility for the security of the information and resources in their respective departments.