What is Information Security

To assist the Division of Information Technology in achieving its vision, Information Security MUST be considered by each and every member of the University community. So, what is Information Security? Information security can be defined as the protection of information and the systems and hardware that use, store, and transmit that information. Unfortunately, this pursuit is not a completely achievable pursuit. However, there are three objectives that will assist the University in achieving the best results for the effort expended, which are to minimize the loss of:

• Confidentiality – preventing the intentional or unintentional unauthorized disclosure of data.
• Integrity – ensuring no modifications to data by unauthorized personnel or processes, and ensuring internal and external data are consistent and accurate.
• Availability – ensuring the reliable and timely access to data or computing resources by appropriate personnel.

To access the Information Security Awareness Primer please visit Information Security, Security Awareness and Training at MyUNG for a more thorough introduction to Information Security! Other areas of interest located at MyUNG are:

Governance

Why do we need IT policies and what are they? Policies define the strategic goals for the University. Management defines the scope, distributes, and maintains the policies, which must be unambiguous because adherence to the policies is mandatory. That is, a policy is a directive that provides an effective and achievable direction for information security goals. Access to these policies may be obtained by visiting the Information Security, Governance link at MyUNG.

UNG Community Resources

(login required)

Incident Response

An incident is an unusual occurrence or breach in the security of a computer or network system or a violation of a standing policy, which may have an actual or potential adverse affects on an information system. It is important for organizations and home users alike to have an incident response plan in place and to know how and who to contact in the event you witness an incident or violation of a security policy.

In an effort to provide a means to communicate computer and network security concerns, the University of North Georgia is working on providing this form online for your convenience. To report an incident, visit the Information Security, Incident Response link at MyUNG to begin!

Business Continuity

The continuity of operations is the preparation, processes, and practices required to ensure the University continues operating after having faced a major disruption of operations. To achieve this, the University must identify, select, implement, test, and update procedures and processes necessary to protect critical business processes from the effects of a major disruption and to be able to restore the business processes in a timely manner. This topic often within the security circles also includes disaster recovery planning, which addresses the detail process for recovering information or an IT system in the event of a catastrophic disaster such as a fire…. To learn more, visit the Information Security, Business Continuity link at MyUNG.

Risk Management

Managing risks is the process of identifying and measuring security risks associated with an information system, and controlling and reducing those risks to an acceptable level. Often, risk management is applied to business continuity, business impact analysis, and disaster recovery. The objective is to eliminate, reduce or mitigate the instances of risk. To do this requires and understanding of threat, vulnerability, and controls….To learn more, visit the Information Security, Risk Management link at MyUNG.

Security Awareness Training

Interested in learning about viruses, Trojans, zombies, and bot-nets are? Want to lean how to better secure you computer for yourself and your family? Do you want to know more about Information Security? Visit the Information Security, Security Awareness Training link at MyUNG to begin!