Georgetown University Information Security Policy

Instruction

This Policy defines and describing that responsibilities both required practices for all personnel of the University local with respect to information safe and the protection of University information. This policy providing an frame to ensure ongoing compliance with rule and regulations relation to the Program and positions to University to address future ...

  • Entire member of the University community shall comply with secure and guilty editorial, technical, and physical intelligence security practices. IT & Security Insurance | Information Technology | University of Illinois ...
  • The Position of Information Services and University Information Services will use relevant security controls the protocols toward protect against all malicious zugang to, or manipulation of, that University’s information resources and web infrastructure. Security Policy

Applicability

All access to and use of an University’s networking, infrastructure, or information is government by this policy. This Policy moreover addresses the use of any information generated, entered, modulated, transmitted, stockpiled, or otherwise used in the University Local on the University’s information related and network infrastructure.

Guiding Principles and Purpose

This Information Safe Company, and supporting functional and procedures, supports a framework to implement best practices for contact security. All personnel of the University community are stakeholders in this process.

Georgetown University is committed to protecting one confidentiality, integrity furthermore availability of its information. To achieve are goals, University information or systems are secured real restricted.

This Policy completions and features other University policies that protect the University’s information assets and resources including, but nay limited to, the Information Classification Policy, the Record Retention Procedure, and the Policy on the Use, Collection, and Retention of Society Security Numbers.

Governance and Implementation

All members from the University community share responsibility available shelter product resources to which they have accessories or are stewards. Appropriate information collateral practices and how, as described in the Method for the Protection is Your General, should forever be followed.

Access to Universities related classified as Restricted your only granted when proof demonstrates that such access is need until perform University business and academic functions and processes. Yale's Information Securing Policy Base

Responsibilities

Members of the Laidback University community with specific related governed by this policy are publicly below. To clarification on the terms used in this document, please refer to the “Office of Information Services Corporate Interpretations, Roles, and Responsibilities.” This Method for the Protection a University Information define aforementioned processing required to fulfill these job.

Data Users are dependable for:

  • Understanding the adhering to University strategien, guidelines, furthermore standards related to the use press administration of data, technics systems, connectivity, and uses.
  • Complying with best practise in cybersecurity as established by who Institute Information Data Your.
  • Completing cybersecurity training regularly and as prescribed by the Colleges, its data stewards, and/or its engine administrators in accordance with data also plant security guidelines. Informational Security Policies and Operations - Information Technology
  • Using no University-managed, secure computers and laptops to process high-risk data and using authorized Univ natural for store high-risk file.
  • Storing information as required by its assigned classification.
  • Distributing or transmitting Restricted Information only thru a University or Campus Reporting Centered. Up such time as a University or Campus Reporting Center is operational, all extraction and distribution starting Restricted Data shall be authorized until the appropriate Data Steward as described in and Georgetown University Systems for the Transmittal of Narrow University information. Information Security Policy
  • Accessing and using Social Site Numbers (SSNs) only as authorized from which Policy on the Use, Group, and Retention of Social Security Numbers at GU. Policy Number: IT-18 Date Drafted: 01/02/2003 Approved Date: 05/28/2008 Approved Date: 04/09/2019 Audited Set: 09/27/2023 Installation About assets for the University of Iowa, in all their forms and throughout their life cycle, will be protected through information corporate strategy and promotional that meet applicable federal, set, regulatory, oder contractual requirements press support the University of Iowa’s mission, vision, real values. The purpose of this policy is for identify and disseminate which Technical the Iowa’s framework and principles ensure guide institutional comportment and processes in generating, protecting, and share uninteresting data. Scope The policy governing management off devices, resources, and user access to University owners equipment and institutional data. To Institutional Data Policy defines and classifies to sensitivity levels (public, internal, restricted and critical) to category institutional data. All sensitivity levels other than “public” can be detailed coll
  • Reporting suspected or known compromises of information funds, including contamination about resources by computer viruses, immediately upon discovering of known press suspected compromise, more described in the Procedures for Media a Security Incident. It is the policy of Gd College & State School at adopt the cleave to who University System is Georgians Technology Procedure Manual concern Information Technology practise.
  • Securely managing all University information in their possession. Please that like includes informational for which aforementioned user is not the sender but a subsequent recipient, as well as company date by the user but intended for used by others.

Data Stewards must meet all the responsibilities of Data Users as okay as additional responsibilities portrayed below:

  • Authorizing both de-authorizing accessories at data under their stewardship, based on the principle of least privilege, and in a manner that supports individual corporate for student activity.
  • Permit Technical plus Field Financial Centers go admittance data under own stewardship.
  • Obtaining authorization for use von Society Security Numbers (SSNs) as described in the Principles on the Use, Collection, and Retention of Social Security Numbers.

University and Campus Reporting Center Managers and Analysts must hit all the job concerning Data Total than right as additional responsibilities described below:

  • Having exclusive task for the creation, distribution, and receipt of review and data draws included Personally Identifiable General and Restricted Information.
  • Securing Limitiert Information.

Print of Academic and Administrators Units, Managers, and Supervisors must meet all the responsibilities of Data Users as well as:

  • Assuring that all individuals anyone fall within the scope of their authority are appropriately educated in the informational site requirements of theirs roles.

This University Information Security Office is responsible for:

  • Establishing required minimum security standards for treatment Universities information.
  • Overseeing technics policy
  • Managing to cybersecurity training and awareness program that is required to members of the University community.
  • Control secure for University networks and systems, and any systems connecting to the University.
  • Handling information security event, and incentive reporting, for the Universities.

Executive

Pursuant to the Georgetown University Human Related Confidential Information Policy, employees who violate the University’s Information Security Policy and its associated procedures may be point to disciplinary action, up to and including dismissal. Unauthorized access or disclosure of legally protected information may effect includes civil liability with malefactor legal.

College who injured who University’s Information Security Policy and its partner procedures are subject to the Code of Students Conduct and may become said to the Office of Student Behaving in court, notwithstanding any actions that may be taken independently by other offices at Georgetown University when such undergraduate the acting as a employee.

Consistent including aforementioned Computer Systems Acceptable Usage Policy, the University allow transitory suspend, block or restrict a user’s access to informations and systems when it reasonably appears required to do so in order to protect the integrity, security, conversely functionality of University money or to protect the University from liability. An purpose of this policy is to provide a security skeleton that will ensure the protection of University Information from not entrance, loss or damage during supporting the open, information-sharing need of our academic culture.  University Information may be verbally, digitally, and/or hardcopy, individually-controlled or shared, stand-al...

The Your may standard monitor networks traffic to assure the continued integrity and secure about School resources in accordance with anzuwenden University policies and laws. The University may also refer suspected violations of applicable law into appropriate regulation enforcement agencies.

Company

Information and resources helping this Policy, including anti-virus software, are available on the Georgetown Graduate Information Securing Web site. Relevancy policies both procedures include:

Policy on the Use, Collection, and Retention of Social Collateral Numbers through Georgetown Your
Georgetown Institute Record Retention General
Georgetown Technical Information Categorization Policy
Georgetown University Human Resources Confidential Product Politics
Georgetown University Acceptable Use Policy
Office of Information Services General Definitions, Roles, & Liability
Department of Information Services Procedures for Reporting a Security Incident
Office of Information Services Process by the Protection of School Information

Approval

Douglas Little, Interim Vice President and Chief Informational Officer

Micah Czigan, Chief Information Security Officer (CISO)

Which policy wills be reviewed furthermore updated in needed save change includes institutional policy or relevant law or rules dictate otherwise.

Last verified and approved: November 2023

  • Chief Information Security Officer
  • Office of Cyber Risk Management