Office of Information Security
Information security refers to the protection of information, information systems, equipment, software, and people from a wide spectrum of threats and risks. Implementing appropriate security measures and controls to provide for the confidentiality, integrity, and availability of information, regardless of its form (electronic, optical, oral, print, or other media), is critical to ensure business continuity, and protect information assets against unauthorized access, use, disclosure, disruption, modification, or destruction. Information security is also the means by which privacy of personal information held by state entities is protected (California State Administrative Manual).
Information Security Program
The Long Beach Community College District (LBCCD) is committed to protecting and managing its information assets. Therefore, LBCCD has adopted the California Community College Information Security Standard as defined by the California Community College (CCC) Security Center. LBCCD’s information security standards, best practices, and guidelines shall align with or be derived from the CCC’s Information Security Standard or applicable administrative procedures.
As part of this program, Information Technology Services’ (ITS) Information Security Plan was created to describe the development, implementation, and management of applicable administrative, physical, and technical controls to protect the institution’s data and information systems.
Basic Principles
The CIA triad (Confidentiality, Integrity, and Availability) is a model that is used to guide security policy development. In the context of the CIA triad, ISO27002 defines information security as the preservation of the following.
| Confidentiality | Ensuring that information is accessible only to those authorized to have access. |
| Integrity | Safeguarding the accuracy and completeness of information and processing methods. |
| Availability | Ensuring that authorized users have access to information and associated assets when required. |
Data Classification
LBCCD collects, compiles, stores, and manipulates data from a variety of sources. In order to apply the appropriate security protocols for safeguarding data, the college must first classify the data into one of the three following levels:
| Level 1: Confidential | Protected data that is sensitive in nature, poses a severe risk if exposed, and/ or is governed by legal statute. |
| Level 2: Internal Use | Protected data that is sensitive in nature, and/ or poses a moderate risk if exposed. |
| Level 3: General | Disclosure of this information does not expose the college to financial loss or jeopardize the security of the college’s information assets. |
Further details regarding data. classifications can be found in the Long Beach Community College District Data Classification Standard.
Don’t be a victim of phishing!
Forward all suspicious emails to Report a Phish. No one, not even ITS, should ask for your password or send emails or texts soliciting you to log in with your account. If someone does, they are phishing. If you do give your password to someone, immediately change it in the Viking Portal.
Protect your password
Administrative Procedure 3720 specifically prohibits the sharing of login credentials. Never provide your password to anyone: not your coworker, not your boss, not even ITS.
If You See Something, Say Something
Cybersecurity is a shared responsibility. Please report all suspicious activity and unauthorized access to computers, software, and websites to the Office of Information Security.
If you are looking to report a potential crime or similar non-emergency situation, please refer to the Police & Campus Safety website.