Information Security Policies & Directives
West Virginia University Information Security Directives, Standards and Guidelines
Introduction
PURPOSE
The purpose of the West Virginia University Information Security Directives, Standards and Guidelines are is to provide guidance for the protection of confidential and business limited data as used, transmitted or stored on University computers, storage media and other devices. University data refers to data that is created by or entrusted to the University for purposes of supporting academic, administrative, research and service related activities.
In addition to fulfilling the responsibility to protect data belonging to the University, as well as its customers and partners, the University must implement appropriate controls to help ensure compliance with external regulations, including but not limited to
- Family Educational Rights & Privacy Act (FERPA)
- Gramm-Leach-Bliley Act (GLBA)
- Federal Export Technology Control Laws
- The Health Insurance Portability and Accountability Act (HIPAA)
- Payment Card Industry Data Security Standard (PCIDSS)
- Sarbanes Oxley Act (SOX)
DEFINITIONS
Definitions of regulations and technology terms are presented in the Information Security Glossary. The first occurrence of each glossary term is marked in the directive document with an underline.