Topics: Information security, Computer security, Security Pages: 16 (7523 words) Published: September 29, 2014
Georgetown University Information Security Policy : Technology (Georgetown Unive... Page 1 of 16

• Skip to Content
• Skip to Extra Content
• Georgetown University

Site Index

Georgetown University
Technology Policies & Guidelines
Search Technology Policies

• University Policies
• » Technology Policies

Georgetown University Information Security Policy
Approved May 13, 2003 by the President's Executive Committee Table of Contents
◦ Purpose
◦ Scope
◦ Stewards
◦ Users
◦ Managers (of Users)
◦ Information Service Providers
◦ University Information Security Officer
◦ Local Information Security Personnel
◦ Internal Audit and Management Analysis Department
◦ University Counsel's Office
• Information Security Policy Review Committee
• Information Services Management Council (ISMC)


Georgetown University Information Security Policy : Technology (Georgetown Unive... Page 2 of 16


3. The Georgetown University Information Security Policy (the "Policy") serves to create an environment that will help protect all members of the Georgetown University community (the "University") from information security threats that could compromise privacy, productivity, reputation, or intellectual property rights. The Policy recognizes the vital role information plays in the University's educational, research, operational, and medical advancement missions, and the importance of taking the necessary steps to protect information in all forms. As more information is used and shared by students, faculty and staff, both within and outside the University, a concomitant effort must be made to protect information. The Policy serves to protect information resources from threats from both within and outside of the University by setting forth responsibilities, guidelines, and practices that will help the University prevent, deter, detect, respond to, and recover from compromises to these resources, and to foster an environment of secure dissemination of information.

4. This Policy is set forth in seven sections: (1) the purpose and scope of the Policy, (2) the philosophy underlying the University's information security efforts, (3) the responsibilities and practices each member of the University community shares for information security, (4) enforcement of the Policy, (5) the resources available to assist in complying with this Policy, (6) the approval process, and (7) the review and revision of the Policy on an asneeded basis. Individuals and departments within the University may adopt additional information security requirements that are specific to their operations, provided that such requirements are consistent with this Policy. However, in the event that more specific policies govern certain types of information, e.g., Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act (HIPAA), or financial information under the Gramm-Leach-Bliley Act (GLBA), the more specific policy will take precedence. 5.


6. Persons
7. This Policy applies to all students, faculty, staff, contractors, consultants, temporary employees, guests, volunteers and other members of the University community, including those who are affiliated with third parties, who access University computer networks. It sets forth specific responsibilities for those who have primary responsibility for information resources ("Stewards"), individuals who use those resources ("Users"), individuals who have management or supervisory responsibility ("Managers"), information service providers, the Internal Audit and Management Analysis Department, the University Counsel's Office, the University Information Security Officer, and Local Information Security Personnel. (See Section III:...
Continue Reading

Please join StudyMode to read the full document

Become a StudyMode Member

Sign Up - It's Free