IT Policy Updates: Incident Management and Security Awareness Training

by

The following IT policies have been updated:

  • IT Incident Management Policy (IT.PO.230) | IT Incident Management Standard (IT.ST.230) – An information security incident is any questionable or suspicious activity that could threaten the security systems, data, and information technology resources at GHC. These events may violate established information security policies, state and federal information security and privacy laws, or have other criminal implications. A system being “hacked” or the loss of a USB drive containing sensitive data are examples of information security incidents. This policy and its associated standard define the roles and responsibilities necessary for the prompt investigation of potential information security (cybersecurity) incidents in accordance with the Information Security Incident Response Plan. All GHC employees are required to immediately report suspected incidents to the information security program through an IT ticket (rt@highlands.edu) or directly (infosec@highlands.edu).
  • IT Security Awareness Training Policy (IT.PO.400) – Georgia Highlands College’s information security program cannot protect the confidentiality, integrity, and availability of data without ensuring that users understand their responsibilities and are adequately trained to maintain the security of systems and data. Security awareness training alone cannot make an information security program successful. However, ensuring users remain well trained and vigilant about threats, such as phishing scams and social engineering, significantly decreases risk to the institution by reducing the likelihood that data will be inappropriately disclosed and by minimizing the impact and potential financial harm due to loss of systems and data. In order to address a constantly evolving threat landscape, the Information Security Officer (or designated delegee) will ensure that the information security program establishes and maintains information security awareness training programs in accordance with regulatory requirements and the University System of Georgia IT Handbook.

Please review these documents from the Information Technology section of the Intranet (faculty & staff website) at your earliest convenience.