Information Security Policies & Procedures
|
Information Security Policies and Procedures |
|
|
Policy or Procedure |
Summary |
|
Overview of the university's mission, administrative structure, and network topology. |
|
|
Responsibility for Establishing a Secure Information Environment |
Assignment of responsibility for creating and maintaining an information security program at GC. |
|
Defines acceptable uses of technology at GC. |
|
|
Defines acceptable uses of technology on the residence hall data network. |
|
|
Establishes policy on privacy, confidentiality, and security in electronic communications. Ensures that university communications resources are used for purposes appropriate to the university's mission. Informs the university community about the applicability of related laws and university policies regarding electronic communications. Ensures that electronic communications are used in compliance with laws and university policies. Prevents disruptions to and misuse of university electronic communications resources and activities. |
|
|
Defines best practices for password creation and utilization. |
|
|
Establishes the requirement for a comprehensive information security awareness program. |
|
|
Incident Response Plan |
Confidential document that details the university's response to Information Security incidents. The sensitive nature of this document requires that it be protected from public view. Questions or concerns may be addressed to the Chief Information Officer at cio@gcsu.edu |
|
Requirements for offices seeking to outsource Payment Card Processing and for complying with federal law regarding the use of Credit Cards. |
|
|
Defines procedures for blocking network access in the event of a security breach or other emergency. |
|
|
Procedure for Identification of a Departmental Security Contact |
Assigns the responsibility for appointment of a departmental security contact to coordinate departmental security efforts with the Chief Information Officer. |
|
Outlines the mechanism for registering a server with the Division of Information Technology and assigns responsibility for maintaining servers. |
|
|
Defines acceptable means for storing and destroying university information. |
|
|
Establishes access permissions for critical data facilities on campus. |
|
|
Establishes access permissions for digital resources on campus. |
|
|
Defines guidelines for selecting appropriate encryption tools and for complying with federal law regarding use of encryption by non-citizens of the U.S. |
|
|
Assigns responsibility for backup of critical resources. |
|
|
Defines acceptable uses of the PeopleSoft system. |
|
|
Defines acceptable uses of the Banner system. |
|
|
Outlines guidelines for creation and management of the university's domain name server. |
|
|
Procedure for requesting and review of Windows client administration privileges. |
|
|
Defines procedure for requesting a central file share. |
|
|
Outlines the procedure for requesting access to the document scanning service as well as acceptable use of the system. |
|
|
This document provides a policy framework which should be utilized to assure appropriate and equitable issuance to staff and faculty of basic technology equipment. This policy is a guide for administrators, faculty, and staff for the acquisition, utilization and support of computer and peripheral needs and basic network access, as well as personal responsibilities of the employee and supervisor. |
|
|
Please address all comments, questions, or concerns regarding the above policies or other security related issue to cio@gcsu.edu . These policies and procedures are living documents and subject to change at any time to address evolving technology and security issues. Check back often for the latest revisions to any policy or procedure. |
|
Information Technology
Campus Box 050
Milledgeville, GA 31061-0490
Last Updated: 02/04/13
For technical assistance, please contact the
Serve Help Desk at 478-445-7378
IT web pages updated by Cindy Bowen 478-445-1196
