
Cybersecurity and Data Security


Cybersecurity Program 

Stony Brook University's Information Security Program (ISP) brings people, process and technology together to manage cyber risk to SBU's mission, and to protect all members of our community. The Information Security Program Council (ISPC) sets information security program priorities, responds to input from the working groups, and formally adopts policies and procedures. In addition to working group team leads, it consists of a core group of senior leaders and others who have a vested interest in assuring the success of the information security program.

Related Policies

SBU Training Requirement

The Division of Information Technology (DoIT) is responsible for the oversight of cybersecurity training. All faculty and staff are required to take annual Cybersecurity Awareness Training.

Incident Response/Reporting 

Notify the cybersecurity team if you are aware of a potential cybersecurity incident. How to report an incident.

Cybersecurity and Data Security Standards

    • Faculty, staff, and students are required to comply with SBU cybersecurity and data security policies.  
    • Researchers (both funded and unfunded) may have additional laws and/or regulations that oversee the data security requirements of a category of data. 
    • Researchers may have additional cybersecurity laws and/or regulations that are required for the conduct of their projects.

Cybersecurity Standards


Secure Computing

Secure computing refers to services that provide a secure computing environment for users. Secure computing includes network security, system security and application security.

The ISP provides Secure Computing Guides (tip sheet and guides) for students and faculty/staff. These guides use a concise format to help students and faculty/staff keep their computing environment secure.

Even though most research on campus is conducted with the intent to publicly disseminate, there may be data or even types of research that warrant enhanced security.

More information is available on the Secure Computing page.


Security Consulting 

ISP provides consultative services, training, education and awareness resources to assist students and faculty/staff in safe and secure computing. 

Review the Security Consulting page for further assistance.


Federal Awards and Standards 

Some federal sponsor awards, notably contracts and subcontracts, may include enhanced IT (information technology) security requirements or include prohibitions on the purchase or use of certain products/services.

More information is available on the Federal Awards and Data Protection Standards page.

Data Security Standards


Data that must be secured in accordance with SBU policies and procedures: 

  • Data that is intended for public dissemination where the project had no foreign national restrictions, no publication restrictions (or prior approvals), and no acceptance of increased security requirements from a federal sponsor (direct or flowed down through a subcontract).

Data that must be secured in accordance with SBU policies and procedures AND requires some enhanced security: 

  • Data that is intended for public dissemination where the project accepted any of the following: foreign national restrictions, publication (including prior approval) restrictions, increased security requirements from a federal sponsor (direct or flowed down through a subcontract).
  • Data related to intellectual property
  • SBU proprietary data
  • Export-controlled data 

Data that must be secured in accordance with laws/regulations and/or contractual requirements:

  • Protected Health Information (PHI)  
  • Controlled Unclassified Information (CUI) - SBU cannot accept CUI 
  • Data subject to the General Data Protection Regulation (GDPR) - SBU cannot accept data subject to GDPR or similar laws.
  • Data protected by a Non-Disclosure Agreement 
  • Data protected by a Data-Use Agreement