蜜桃传媒

蜜桃传媒 (蜜桃传媒; the College) acknowledges that cyber risks represent strategic enterprise risks for the organization, and that it has legislative, financial, and legal obligations as a public institution to manage these risks in a systematic and consistent manner.

This policy establishes a Cyber Security Governance Framework (the Framework) which includes roles, authorities, responsibilities, and procedures for implementing and managing the College's Cyber Security Risk Management Program (the Program) and Cyber Security Standards (the Standards), and the corresponding oversight of the Framework with the goal of achieving Program maturity and cyber resilience.

This policy applies to all users of 蜜桃传媒's digital information resources and all processes, systems, applications, involving 蜜桃传媒's digital information, whether internal or external (hosted by third parties).

1. The College is committed to protecting all 蜜桃传媒 digital information assets and resources through a Framework that implements regular cyber risk assessments, identification of risk mitigation strategies, and institutional oversight.


2. The College will adhere to all relevant laws and regulations governing cyber security risk management of public institutions in British Columbia. 


3. 蜜桃传媒 will, to the best of its abilities, follow established best practices in cyber security.


4. 蜜桃传媒 recognizes that not all risks can or should be fully mitigated or avoided.


5. The Framework is designed to identify, evaluate, treat, report on, and monitor key risks at the College.


6. The 蜜桃传媒 Board of Governors, President and Chief Information Officer are responsible for full oversight of the Framework.


7. Violations of this Policy may result in restrictions on IT network, application, or service access in addition to administrative and/or disciplinary actions outlined in the other relevant College policies.


8. 蜜桃传媒 will follow a standardized approach to managing and mitigating cyber security risk by implementing a cyber incident response plan.

Availability

Information or information systems being accessible and usable on demand to support business functions.

Confidentiality

Information is not made available or disclosed to unauthorized individuals, entities, or processes.

Control

Any policy, processes, practice, or other action that may be used to modify or manage cyber security risk.

Cyber Incident

A single or a series of unwanted or unexpected events that threaten privacy or cyber security, i.e. the confidentiality, integrity and/or availability of cyber resources and assets.

Cyber Resilience

A dimension of cyber risk management, representing the ability of systems and organizations to develop and execute long-term strategies to withstand cyber events; an organization's ability to sustainably maintain, build and deliver intended business outcomes despite adverse cyber events.

Cyber Risk

Probable loss event that materializes when a cyber threat affects an asset of value and results in a material impact on an organization. Cyber risk can be measured as the probable frequency and the probable impact of a material loss event.

Cyber Security

The set of activities that protect networks, devices and data from unauthorized access or criminal use and the practice of ensuring confidentiality, integrity and availability of information and proper delivery of services.

Cyber Threat

Potential cause of an unwanted cyber incident, which may result in harm to a system or organization.

Integrity

The characteristic of information being accurate and complete and the preservation of accuracy and completeness by protecting the information from unauthorized, unanticipated, or unintentional modification.

• Appropriate and Responsible Use of Educational and Information Technology (505)
• Electronic Mail (Employees) (503)
• Freedom of Information and Protection of Privacy (501)
• Internet of Things (504)
• Standards of Employee Conduct & Conflict of Interest (202)
• Student Non-Academic Conduct (324)

, RSBC 1996, c 52

, RSBC 1996, c 140

, RSBC 1996, c 165

, SBC 2003, c 63