Category 'Information Security'
|Policy Title||Brief Policy Statement|
||Passive anti-virus detection and removal applications will be installed and activated on all Windows or Macintosh desktops, workstations and laptops/notebooks which are either physically or remotely connected to the Georgia State University network.
|Appropriate Use (information)
||The University System of Georgia (USG) expects all institutions and their users to use IT resources in a responsible manner, respecting the public trust through which these resources have been provided, the rights and privacy of others, the integrity of facilities and controls, state and Federal laws, and USG policies and standards. University System institutions may develop policies, standards and guidelines based on their specific needs that supplement, but do not lessen the intent of this policy.
||Computer accounts are available to students, faculty, staff and associates.
|Data Classification, Access and Information Protection
||All university information will be used with appropriate and relevant levels of access and with sufficient assurance of its integrity in compliance with existing university's policies, laws, rules and regulations.
|Disposal of Electronic Equipment (3-00-132.1)
||Georgia State University shall manage, protect, secure and control sensitive electronic information which may be found on surplused computers.
|E-mail Access and Message Retention
||All students, faculty and staff must be accessible through the university-selected e-mail applications.
|E-mail System Acceptable Use and Security
||Electronic messaging (e-mail) is an essential and enabling application that facilitates the flow of information within the university and with external correspondents. Electronic messaging systems will be managed and protected across the university in accordance with common standards and procedures.
|Gramm-Leach-Bliley Act and the FTC Safeguards Rule: Georgia State University Information Security Plan
||Every University department that handles or maintains customer information is responsible for identifying the type of information, the form of the information and the security risks within their department and taking appropriate measures to mitigate those risks.
||Information security incidents occurring on the university network or attached devices will be managed centrally by the University Information Security Officer (ISO) and will include other campus resources as determined by the ISO.
|Information Security Management System
||The University selected the Information technology--Security techniques-- Information security management systems-- Requirements (ISO 27001) as a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). The adoption of an ISMS was a strategic decision which was influenced by the needs and objectives, security requirements, and processes employed at the University. ISMS implementation has been incremental and will continue to be scaled in accordance with University requirements.
|Information Systems Ethics
||Georgia State University's information system resources shall be made available only for appropriate uses, and will be used in a manner that protects both personal privacy and equitable availability across the university.
|Minimum Information Security Environments and Data Classification
||The university has both the right and the obligation to manage, protect, secure and control the electronic information resources of the university.
||Remote access to information technology resources (switches, printers, routers, computers, etc.) and to sensitive or confidential information (social security numbers, credit card numbers, bank account numbers, etc.) are only permitted only through secure, authenticated and centrally-managed access methods.
||Where appropriate, information security personnel will conduct risk assessments of technologies/processes that are being evaluated and/or used at Georgia State University.
|University Information Systems Use
||All approved university policies that are aimed at ensuring the access, use and protection of information systems are summarized here. This policy´s scope, terms, compliance and violations sections apply to all the information systems policies listed here.
||Authorized users of Georgia State University computer systems networks and data repositories may be permitted to use wireless technology to connect to those systems, networks or data repositories for the conduct of university-related business only through authenticated and centrally managed access methods.