Section 6 Introduction
The Board of Regents recognizes that information created, collected, or distributed using technology by the University System of Georgia (USG) University System Office (USO), USG institutions, and the Georgia Public Library Services (GPLS) is a valuable asset and must be protected from unauthorized disclosure, modification, or destruction. The degree of protection needed is based on the nature of the resource and its intended use. All USG participant organizations have the responsibility to employ prudent information security policies, standards, and practices to minimize the risk to the confidentiality, integrity, and availability of USG information.
Risk Management is formally defined as the total process to identifying, controlling, and managing the impact of uncertain harmful events, commensurate with the value of the protected assets. The aim of risk management is to help decision-makers strike an economic balance between the costs associated with the risks and the costs of protective measures to lessen those risks. It is both a prudent practice and, in many cases, a legal necessity.
Therefore, all USG participant organizations shall create and administer risk management programs that protect the institution’s technology infrastructure and mission critical processing.
The USG chief information security officer (CISO) shall develop and maintain a risk management organization and architecture for support of risk management across the USG and support of activities between participant organizations. He/she shall maintain risk management implementation guidelines that the individual USG participant organizations should consider in the development of their individualized risk management plans. These risk management policies and standards are located at: