UGA Role-based Security/ Accountability Model BAAF Quarterly Meeting 2007.
“The University of Georgia cannot protect the confidentiality, integrity, and availability of sensitive information and information systems in today’s highly networked systems environment without ensuring that each person (student, faculty and staff) understands their roles and responsibilities, and is adequately trained to perform these roles”.
UGA Chief Information Security Officer
UGA Security Committee
The vision for the University of Georgia is a campus environment where the protection of sensitive and critical data, and information technology resources, is a shared responsibility among administrators, faculty, staff, students, and IT professionals.
This responsibility will be addressed campus-wide by implementing information security best practices based on individual role and level of accountability, and will be supported through building increased awareness and participation in training and educational opportunities.
2007 Senior VP Campus Memo
“Role/Accountability” Campus-wide Plan
…accountability for implementation of University security standards, policies, processes and procedures based on individual position and level of responsibility
2006-2007 Securing Sensitive Data
Processes, People, Core Technology Tools
2006 President’s Retreat
“Securing UGA Sensitive Data: Current Status,
Challenges and Future Directions”
Atten: Issue #5 — Acceptance of shared responsibility for institutional
data and information security…campus-wide
2005 Campus Memo
“Securing Sensitive Data Initiative”
Phase I: UGA Auditor/CISO high risk Assessment (19 campus units)
Phase II: Inventory of all assets (i.e., servers, databases, personnel) through
ASSETs Online software application, Version 1 (350 campus units)
Securing Sensitive Data
Defense in Depth
Board of Regents
Senior Vice Presidents
Vice Presidents, CIO
Deans, Vice Provost
Assoc VP’s, Assoc Provosts
Campus Security Liaisons
Cyber Security Awareness Month
Websites/url (e.g., UGA InfoSec; Federal Trade Commission
Security is everyone’s responsibility…
“…under existing federal and state legislation, universities are responsible for the confidentiality and integrity of data originating from, and managed through, a campus environment. For the University of Georgia, over 41,000 network devices (e.g., computers, printers, fax machines, scanners) are used. Universities are also required to be a responsible custodian of personal data stored on computers, servers, and other communication devices. In 2006, more than 2.2 million records were stolen from colleges and universities, an increase of 17% over 2005”.
NOTE:
Ponemon Institute Survey: $182.00 for every breached record
Computer Science Institute/FBI Computer Security Survey: $89,000 average cost for computer theft
23.5 million monthly average during drop/add period
Senior Vice Presidents… May 6, 2007 campus memo indicating specific actions by campus entities shall include:
See: Handout: May 6 Campus Memo re: Securing Sensitive Data Initiative