¶¶ÒõÉçÇø¶ÌÊÓƵ

Given the ¶¶ÒõÉçÇø¶ÌÊÓƵ and the state government’s increased use of IT and Internet-based services, the ¶¶ÒõÉçÇø¶ÌÊÓƵ has a compelling need to ensure the confidentiality, integrity and availability of those systems and services are adequately protected from known and anticipated threats. As noted in Section 5.2.2 of the Information Technology Handbook, ¶¶ÒõÉçÇø¶ÌÊÓƵ institutions, the USO, the GPLS, and the Georgia Archives are responsible for the designation of officials within their organization to fulfill key security functions and report on its status of compliance with security policy, standards and procedures. While reporting and self-certification activities alone do not ensure the security of ¶¶ÒõÉçÇø¶ÌÊÓƵ and state information assets, they do demonstrate an organization’s acknowledgement of the requirements and provide a measure of accountability.

A policy is typically a concise document that outlines specific requirements, business rules or company stance that must be met. The policy is the organization’s stance on an issue, program or system. It is a rule that everyone must meet. A standard is a requirement that supports a policy and a guideline is a document that suggests a path or guidance on how to achieve or reach compliance with a policy. There are three phases in the ¶¶ÒõÉçÇø¶ÌÊÓƵ policy development cycle:

1. Formulate
2. Refine
3. Formalize

In the information and network security realm, policies are usually point-specific, covering a single area. Polices can be program policies, issue specific policies, and system policies.

The ¶¶ÒõÉçÇø¶ÌÊÓƵ follows the Association of College and University Policy Administrators (ACUPA) model for policy development, modified for our environment.

Read More: ¶¶ÒõÉçÇø¶ÌÊÓƵ Cybersecurity Policies and Standards

Institutional Polices and Guidelines