In 2008, Governor Sonny Perdue issued an Executive Order on Information Security. Each State agency is required to submit an annual Information Security Program Report. The USG ‐ Office of Information Security will collect and compile the data into a comprehensive USG Information Security Program Report (ISPR), to be published by October 31st of each year. No USG institution or GPLS specific information will be reported. All ISPR data will be handled and disposed securely.
Clayton State University's information technology systems and resources are valuable and expensive assets that the University needs to safeguard and protect. The information (data) stored on these resources must also be protected, as it may contain private and confidential information entrusted to the University. Networks and computer systems are shared resources used by students, employees, and the general public. As a shared resource, steps are taken to ensure availability, as well as controlled access.
This policy follows guidelines provided by the University System of Georgia's Office of Information Technology Services. It will describe how the University will protect its IT resources and data. These policies apply to all users of these resources - student, faculty, staff, employee, contractors, and so on.
Technology should not be used just for its own sake. It should be used as a means of efficiently helping the University to meet its goals. In the Campus Strategic Plan, technology is mentioned three times. In all three cases it is mentioned to enhance or further existing processes. The goal of the Information Security Program is not to penalize or add controls just because we can. The goal is to assist the University to meet the strategic goals by taking proactive steps to provide reliable and trustworthy systems.
1) Protect the University's mission critical systems
2) Identify and implement controls which can provide the greatest amount of good for limited funding
3) Aggressively scan and re-mediate vulnerabilities
4) Document. Standard configurations, policies, methods, changes.