Shared information is a powerful tool and loss, or misuse can be costly, if not illegal. The purpose of this section is to ensure that cybersecurity safeguards are established, in place, effective, and adhered to reduce risk. This applies to all users of Clayton State information resources.
Safeguards include the policies, procedures, requirements, and practices that are necessary for maintaining a secure environment for the storage and dissemination of information. The objective of Clayton State University divisions, departments, and schools is to protect information from inadvertent or intentional damage as well as unauthorized disclosures or use. The benefits of safeguards include identification of fraud, security vulnerabilities, unforeseen threats, and minimization of potential impacts. Other benefits include audit compliance, service level monitoring, performance measuring, limiting liability and capacity planning.
Clayton State recognizes that cybersecurity:
- Is everyone’s responsibility;
- Is a cornerstone of maintaining public trust;
- Should be risk-based and cost-efficient;
- Should align with USG priorities, industry best practices, and government requirements; and,
- Should be applied holistically, regardless of medium.
Clayton State organizations must designate trained cybersecurity representatives whose role includes:
- Communicating cybersecurity policies to all employees and contractors; and,
- Reporting deviations from policies.
Clayton State University must:
- Develop procedures and processes that support compliance with Board of Regents (BOR) and USG policies and procedures. Organizational procedures and processes may be more specific than BOR and USG policies and procedures but shall in no case be less than the minimum requirements; and,
- Develop strategic and operational control guidance of hardware, software, and telecommunications facilities.
Clayton State University must develop reporting processes to support the investigation of and response to suspicious activities and follow USG guidelines for reporting or investigating acts of suspected malfeasance that involve organizational data as noted in the BOR University System of Georgia Ethics Policy.