Information Security Resources

Shield PlanetInformation security (InfoSec) is the practice of defending organizational resources from unauthorized access, destruction, or modification. InfoSec promotes student success and community enrichment by protecting confidential information from theft and improving the stability of services the College offers for our students and community. Our goal is to guard digital information (such as spreadsheets) and physical information (such as HR personnel files), as well as application availability, communication mediums (such as email and phone services), and any other resources necessary to carry out the College's daily operations. We protect these resources from physical threats - natural disasters such as fire or flood, logical threats - technological issues such as hardware failures or database corruption, and human threats - whether they be the result of malicious actions or human error.

The Information Security Resources website is divided into five categories, outlined and accessible via the menu on the left of this page. Five website sections focused on general InfoSec understanding, services InfoSec can provide for COCC and our community, user awareness and training programs, InfoSec standards adopted and required by COCC's leadership, and lastly - specifics for IT and InfoSec practitioners to implement as components of a security architecture.


Information security practitioners face a broad discipline with such depth as it's easy to get lost and lose perspective. Developing a fundamental understanding of the overarching concepts of InfoSec will improve your ability to protect your own digital resources, college operational resources, and protected information entrusted to us through COCC.

InfoSec Services

Services that COCC's Information Security Administrator and the Information Technology Services department provide in an effort to bolster Central Oregon Community College's InfoSec posture. If you want to know what we can do for your department, whether it be training, permissions audit assistance, or assistance with physical document destruction, start here. We welcome inquiries should you need information security assurance services not listed, as we are always looking to improve and expand the services we offer to our illustrious institution.

Security Engineering

Resources for Information Security Practitioners, network and system engineers, desktop technicians and even technology-savvy home users. This section discusses a Bestiary (virus, malware, and other monsters,) Bulwarks (defense tools such as firewall and antivirus software,) and the Armory (vulnerability assessment tools, cryptography, forensics software, and more).

Educational Resources

InfoSec Awareness and Training for our community (students and beyond), faculty, and staff. There are three separate awareness programs, focused on the needs of each role. Community focuses on InfoSec home defense, for our non-work laptops and computers, smartphones, tablets and wireless routers. Faculty focuses on the extra steps COCC's faculty should pursue to protect the trusted information they have access to, some of which has FERPA regulations. Lastly, staff training has insight into protecting the confidential institutional information entrusted to our classified and administrative staff members, such as social security numbers, names, addresses and telephone numbers, as well as FERPA, HIPAA, PCI regulated information protection requirements and more.

Institutional Best Practices

InfoSec requirements approved and mandated by our leadership for protecting classified information, applicable policies and procedures, in-depth regulation information for FERPA, HIPAA, PCI, data destruction policies and more.