Information Security

Mission

The mission of the University of Georgia's, Office of Information Security is to support the central mission of the University by assuring confidentiality, integrity and availability of its information and information systems. Securing instructional, academic and administrative systems.

This mission is accomplished through implementing assurance methods that protect and defend these assets by:

focusing on reducing the risk to these systems;
complying with applicable policies, laws and regulations;
raising the conscientiousness of the University Community through awareness, training and education and;
the application of trusted technology.

Core and Essential Services

Business Continuity and Disaster Recovery
Risk Management
Incident Response Coordination
Security Awareness Training and Education
User and Desktop Security
Secure Operations Center
Policy Management

Business Continuity and Disaster Recovery

A disaster recovery plan -- sometimes referred to as a business continuity plan or business process contingency plan -- describes how an organization is to deal with potential disasters. Just as a disaster is an event that makes the continuation of normal functions impossible, a disaster recovery plan consists of the precautions taken so that the effects of a disaster will be minimized, and the organization will be able to either maintain or quickly resume mission-critical functions. Typically, disaster recovery planning involves an analysis of business processes and continuity needs; it may also include a significant focus on disaster prevention

Risk Management

An effective risk management process is an important component of a successful IT security program. The principal goal of an organization's risk management process should be to protect the organization and its ability to perform their mission , not just its IT assets. Therefore, the risk management process should not be treated primarily as a technical function carried out by the IT experts who operate and manage the IT system, but as an essential management function of the organization.

Incident Response Coordination

Security-related threats have become not only more numerous and diverse but also more damaging and disruptive. New types of security-related incidents emerge frequently. Preventative activities based on the results of risk assessments can lower the number of incidents, but not all incidents can be prevented. An incident response capability is therefore necessary for rapidly detecting incidents, minimizing loss and destruction, mitigating the weaknesses that were exploited, and restoring computing services.

User and Desktop Security

Security Awareness Training and Education

Design/develop multi-level security awareness, training and educational program for all students faculty and staff

Strive to meet and teach as many UGA students, faculty and staff as possible

Secure Operations Center

Continue building the UGA Secure Operations Center in the Boyd Data Center

Operational and Situational Awareness
Centralized Alert Management
Security Policy Management
Central Audit Log Data Repository
Web-Based (Browser) Portal Technology
Deploy UGA "Scan-on-Demand" Vulnerability Scanning

Policy Management

Continued development of the following policies/guidelines/standards

Disaster Recovery and Business Continuity Directive
Acceptable Use of Electronic Resources at UGA
UGA Minimal Security Configuration Policy
Incident Response Policy
Security Awareness, Training and Education - SATE Policy
UGA Information Security Organization and Administration Directive

OFFICE OF THE CIO

EITS: DIVISIONS & OFFICES

Related Links