Information System Use Policies Chart
Policy |
What is it? |
Who does it apply to? |
What needs to be done? |
|---|---|---|---|
Requires mandatory use of Anti-virus protection for Windows and Macintosh computers |
Anyone at Georgia State with a personal computer connected to the university network |
Install a copy of Symantec Anti-virus; see the Procedures section for download and installation directions |
|
Describes how university e-mail systems will be managed and protected |
Anyone at Georgia State who uses e-mail; anyone at Georgia State who maintains an e-mail server |
Use strong passwords; do not send confidential information via email; follow procedures to send e-mail messages to large numbers of Georgia State recipients |
|
Information Security incidents occurring on the university network or attached devices will be managed centrally by the University Information Security Officer (ISO) and will include other campus resources as determined by the ISO |
Anyone at Georgia State |
Read the policy and follow the outlined standards and procedures |
|
Requires appropriate and civil use of network resources; describes institutional protection of user information |
Anyone at Georgia State using the university’s computing and networking resources |
Read the “Appropriate Use” and “University Access to User’s Information (Privacy)” sections |
|
Describes how university data and information should be accessed and protected |
Anyone at Georgia State that utilizes or accesses university data and information |
All university data and information should be protected according to its definition level of confidential, sensitive or unrestricted |
|
Requirements (ISO 27001) as a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). |
All University personnel are responsible for the security and privacy of the data they access, transmit, and store as prescribed in University policy, legal, regulatory, and statutory requirements. |
Corrective Action Procedure |
|
Minimum precautions for securing computing devices and access to the Georgia State network. Responsibilities of the Information Security Officer |
Anyone at Georgia State using computers or having responsibility for a server |
Don’t use computers or systems you are not authorized to use; don’t send an e-mail as if you were someone else; use the university-supported versions of Windows, Mac OS, and Novell; Netware, GroupWise, VPN (Virtual Private Network) and anti-virus clients; follow the password generation rules for creating passwords; don’t share userids and passwords; maintain documentation to verify proper licensing of purchased software; physically protect your computer or server; do not attempt to defeat the security of information systems |
|
Network Connection of Surveillance System Cameras and Digital Video Recorders Policy |
Approval and configuration requirements for video systems used to protect resources or personnel |
Anyone at Georgia State planning to install a digital surveillance system |
Contact the Information Security Officer prior to acquisition and installation |
Off-campus access to network and systems are through approved methods only |
Anyone at Georgia State providing access to local servers from off-campus locations Anyone accessing a Georgia State network or information system from off-campus |
Read the policy and follow the outlined standards and procedures Use a Virtual Private Network (VPN) client for authentication and encryption; see Procedure for details |
|
Where appropriate, Information Security personnel will conduct risk assessments of technologies/processes that are being evaluated and/or used at Georgia State University |
Anyone at Georgia State |
Read the policy and follow the outlined standards and procedures |
|
Requirement for students to have access to computers for Georgia State University course work |
Students at Georgia State |
All students must have access to a computer; it is the responsibility of students to ensure their access to computers. At a minimum, the computer must provide access to the worldwide web using a current browser, spreadsheet capability and word processing. Academic departments may have more stringent requirements |
|
This policy assures that university web-based materials are available to all who attempt to access them. |
Anyone who develops, manages or writes content for a gsu.edu website. |
Develop Web sites and on-line courses in compliance with the Priority One elements of the W3C guidelines (http://www.w3.org/WAI) or exceed them. |
|
Georgia State's Web sites will exhibit a uniform and cohesive identity through the use of the content management system (CMS) approved by the CoreWeb Steering Committee. |
College, Academic Department and Administrative Web sites. Web sites for student organizations are not produced within the CMS. At this time, individual faculty pages are not required to be developed in the CMS. |
All Georgia State University World Wide Web publishers must comply with the guidelines described in this document. |
|
WiFi/802.11 access through centrally managed authenticated methods. Existing installations which do not meet the standards of this policy must be in compliance no later than June 30, 2004 |
Anyone using a wireless device at Georgia State |
You must use a Virtual Private Network (VPN) client; see Procedures section for details Read the Procedures sections on “Configuration, Installation, and Management” and “Unauthorized Access Points” |