Information System Policies Chart

Policy What is it? Who does it apply to? What needs to be done?
Anti-virus Software Policy Requires mandatory use of anti-virus protection for Windows and Macintosh computers Anyone at Georgia State with a personal computer connected to the university network Install a copy of university-provided anti-virus software; see the Procedures section for download and installation directions
Email System Acceptable Use and Security Policy Describes how university email systems will be managed and protected Anyone at Georgia State who uses email; anyone at Georgia State who maintains an email server Use strong passwords; do not send confidential information via email; follow procedures to send email messages to large numbers of Georgia State recipients
Indicate on-going compliance to the email server security standards in this policy
Incident Response Policy Information Security incidents occurring on the university network or attached devices will be managed centrally by the University Information Security Officer (ISO) and will include other campus resources as determined by the ISO Anyone at Georgia State Read the policy and follow the outlined standards and procedures
Information Systems Ethics Policy Requires appropriate and civil use of network resources; describes institutional protection of user information Anyone at Georgia State using the university’s computing and networking resources Read the “Appropriate Use” and “University Access to User’s Information (Privacy)” sections
Information Protection and Access Policy Describes how university data and information should be accessed and protected Anyone at Georgia State that utilizes or accesses university data and information All university data and information should be protected according to its definition level of confidential, sensitive or unrestricted
Information Security Management System Policy Requirements (ISO 27001) as a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). All University personnel are responsible for the security and privacy of the data they access, transmit, and store as prescribed in University policy, legal, regulatory, and statutory requirements. Corrective Action Procedure
Internal Audit Procedure
Preventive Action Procedure
Minimum Information Security Environment Policy Minimum precautions for securing computing devices and access to the Georgia State network. Responsibilities of the Information Security Officer Anyone at Georgia State using computers or having responsibility for a server Don’t use computers or systems you are not authorized to use; don’t send an email as if you were someone else; use the university-supported versions of Windows, Mac OS, and Novell; Netware, GroupWise, VPN (Virtual Private Network) and anti-virus clients; follow the password generation rules for creating passwords; don’t share userids and passwords; maintain documentation to verify proper licensing of purchased software; physically protect your computer or server; do not attempt to defeat the security of information systems
Network Connection of Surveillance System Cameras and Digital Video Recorders Policy Approval and configuration requirements for video systems used to protect resources or personnel Anyone at Georgia State planning to install a digital surveillance system Contact the Information Security Officer prior to acquisition and installation
Remote Access Policy Off-campus access to network and systems are through approved methods only Anyone at Georgia State providing access to local servers from off-campus locationsAnyone accessing a Georgia State network or information system from off-campus Read the policy and follow the outlined standards and proceduresUse a Virtual Private Network (VPN) client for authentication and encryption; see Procedure for details
Security Review Policy Where appropriate, Information Security personnel will conduct risk assessments of technologies/processes that are being evaluated and/or used at Georgia State University Anyone at Georgia State Read the policy and follow the outlined standards and procedures
Student Computer Access Policy Requirement for students to have access to computers for Georgia State University course work Students at Georgia State All students must have access to a computer; it is the responsibility of students to ensure their access to computers. At a minimum, the computer must provide access to the worldwide web using a current browser, spreadsheet capability and word processing. Academic departments may have more stringent requirements
Web Accessibility Policy This policy assures that university web-based materials are available to all who attempt to access them. Anyone who develops, manages or writes content for website. Develop Web sites and on-line courses in compliance with the Priority One elements of the W3C guidelines ( or exceed them.
Web Policy Georgia State’s Web sites will exhibit a uniform and cohesive identity through the use of the content management system (CMS) approved by the CoreWeb Steering Committee. College, Academic Department and Administrative Web sites. Web sites for student organizations are not produced within the CMS. At this time, individual faculty pages are not required to be developed in the CMS. All Georgia State University World Wide Web publishers must comply with the guidelines described in this document.
Wireless Access Policy WiFi/802.11 access through centrally managed authenticated methods. Existing installations which do not meet the standards of this policy must be in compliance no later than June 30, 2004 Anyone using a wireless device at Georgia StateAnyone installing a wireless access point on Georgia State’s network You must use a Virtual Private Network (VPN) client; see Procedures section for detailsRead the Procedures sections on “Configuration, Installation, and Management” and “Unauthorized Access Points”