In 2008, Governor Sonny Perdue issued an Executive Order on Information Security. Each State agency is required to submit an annual Information Security Program Report. The USG ‐ Office of Information Security will collect and compile the data into a comprehensive USG Information Security Program Report (ISPR), to be published by October 31st of each year. No USG institution or GPLS specific information will be reported. All ISPR data will be handled and disposed securely.
Clayton State University's information technology systems and resources are valuable and expensive assets that the University needs to safeguard and protect. The information (data) stored on these resources must also be protected, as it may contain private and confidential information entrusted to the University. Networks and computer systems are shared resources used by students, employees, and the general public. As a shared resource, steps are taken to ensure availability, as well as controlled access.
This policy follows guidelines provided by the University System of Georgia's Office of Information Technology Services. It will describe how the University will protect its IT resources and data. These policies apply to all users of these resources - student, faculty, staff, employee, contractors, and so on.
Technology should not be used just for its own sake. It should be used as a means of efficiently helping the University to meet its goals. In the Campus Strategic Plan, technology is mentioned three times. In all three cases it is mentioned to enhance or further existing processes. The goal of the Information Security Program is not to penalize or add controls just because we can. The goal is to assist the University to meet the strategic goals by taking proactive steps to provide reliable and trustworthy systems.
- Provide reliable and trustworthy systems to allow the University to meet their strategic
goals, in particular those which mention technology
- Allow the University to Expand the quality of technology, both equipment and training, to support academic innovation, student learning, and the further development of hybrid courses and on-line learning
- Increase service levels through continuous process improvement, making use of technology and enabling users to engage in self-service.
- Adopt best practices, support innovative approaches, and continue to embrace technology to enhance research and administrative functions and improve learning and communication.
- Find and re-mediate issues before they become a problem impacting the University
- Comply with FERPA and other regulatory policies and laws
- Provide only the needed access to IT resources to minimize risk, but allow timely and reliable access to resources
1) Protect the University's mission critical systems
2) Identify and implement controls which can provide the greatest amount of good for limited funding
3) Aggressively scan and re-mediate vulnerabilities
4) Document. Standard configurations, policies, methods, changes.