Security Policy and Compliance

Services relating to institutional policy or compliance

Information Security Program Council

The Information Security Program Council (ISPC) acts to set information security program priorities, responds to input from the working groups, and acts to formally adopt policies and procedures. In addition to working group team leads, it consists of a core group of senior leaders and others who have a vested interest in assuring the success of the information security program.

Learn More

Policies & Standards

Our team works closely with the campus community to develop, review, and publish cybersecurity policies and standards. Be sure to review them on a regular basis and check for updates frequently.

Review Policies & Standards

Cybersecurity Awareness Training

Cybersecurity is everyone's job, and to that end, we require Cybersecurity Awareness Training be completed by all staff on an annual basis.

Click the link below to access your cybersecurity awareness training. You will be taken to the SUNY single sign-on page, where you should select “Stony Brook” from the dropdown menu. You will then be directed to the familiar NetID login screen.

Access Your Training at KnowBe4

Vendor & Contract Review

Our team reviews and comments on potential vendors and their proposed contracts. It is best to engage us early so we can fully review the offering and help you pick an appropriate vendor, rather than waiting to start this process during procurement.

Learn More

Data Use Agreement Review & Security Attestations

Are you looking to accept data on behalf of the University? You will no doubt be asked to review and sign a data use agreement, which commonly requires a specified level of security practices and procedures. We can help interpret the requirements and review your planned computing environment to determine if the means to comply with those requirements are available.

Learn More

Data Security Standards

Stony Brook University is committed to the confidentiality, integrity, and availability of information important to the University's mission. Data must be protected using the appropriate security measures consistent with the minimum standards for the classification category, where available.

Review Data Security Standards

Data Classification Policy

Stony Brook classifies physical and electronic data into three risk-based categories for the purpose of determining access, permissions, and security precautions. This facilitates applying the appropriate security controls to university data and assists data caretakers in determining the level of security required to protect data on the systems for which they are responsible.

Review Classification Policy

User Logon Banner and E-Mail Disclaimer

The Incident Response Working Group (IRWG), in collaboration with legal counsel, has created approved language for banner presentation to end users when they log in to university systems and services. It has also provided approved language for e-mail signature disclaimers to better protect information transmitted via e-mail.

Learn More