Board of Regents Policy Manual

Official Policies of the University System of Georgia

10.4 Cybersecurity

Information created, collected, or distributed using technology by the University System Office (USO), all University System of Georgia (USG) institutions, and the Georgia Public Library Service (GPLS) is a valuable asset and must be protected from unauthorized disclosure, modification, and destruction. The degree of protection needed is determined by the nature of the resource and its intended use. The USO, all USG institutions, and the GPLS shall employ prudent cybersecurity policies, standards, and practices to minimize the risk to the confidentiality, integrity, availability, and privacy of data and information and shall create and maintain an internal cybersecurity program.

10.4.1 System-Level Responsibilities

The USG chief information security officer shall develop and maintain a cybersecurity organization and architecture in support of cybersecurity across the USG between USG institutions.

The USG chief information security officer shall maintain cybersecurity implementation guidelines that the USO, all USG institutions, and the GPLS shall follow in the development of their individualized cybersecurity plans.

10.4.2 Institutional- and Organizational-Level Responsibilities

The President of each USG institution and the GPLS State Librarian shall ensure that appropriate and auditable information security controls are in place.

The USO, all USG institutions, and the GPLS shall each develop, implement, and maintain a cybersecurity plan consisting of cybersecurity policies, standards, procedures, and guidelines that is consistent with the guidelines provided by USG Cybersecurity and submit the plan to USG Cybersecurity for review.

Methods for ensuring that applicable laws, regulations, guidelines, and policies are followed shall be distributed and readily available to each organization’s user community and included in the cybersecurity plan.

Clear procedures for reporting and managing cybersecurity incidents shall be documented, adhered to, and contained in the cybersecurity plan. These procedures shall include the reporting of incidents to the USO in a timely manner.

10.4.3 Identity Theft

The USG shall maintain a program and policies designed to protect against identity theft and to safeguard personal and financial information maintained by the USG and its institutions and organizations. The program shall comply with all applicable credit reporting and electronic transaction laws, be reviewed at least annually for effectiveness and legal compliance, and be widely distributed.
