ÖгöÉÙ¸¾ÊÓƵ

Given the ÖгöÉÙ¸¾ÊÓƵ and the state governmentÖгöÉÙ¸¾ÊÓƵ™s increased use of IT and Internet-based services, the ÖгöÉÙ¸¾ÊÓƵ has a compelling need to ensure the confidentiality, integrity and availability of those systems and services are adequately protected from known and anticipated threats. As noted in Section 5.2.2 of the Information Technology Handbook, ÖгöÉÙ¸¾ÊÓƵ institutions, the USO, the GPLS, and the Georgia Archives are responsible for the designation of officials within their organization to fulfill key security functions and report on its status of compliance with security policy, standards and procedures. While reporting and self-certification activities alone do not ensure the security of ÖгöÉÙ¸¾ÊÓƵ and state information assets, they do demonstrate an organizationÖгöÉÙ¸¾ÊÓƵ™s acknowledgement of the requirements and provide a measure of accountability.

A policy is typically a concise document that outlines specific requirements, business rules or company stance that must be met. The policy is the organizationÖгöÉÙ¸¾ÊÓƵ™s stance on an issue, program or system. It is a rule that everyone must meet. A standard is a requirement that supports a policy and a guideline is a document that suggests a path or guidance on how to achieve or reach compliance with a policy. There are three phases in the ÖгöÉÙ¸¾ÊÓƵ policy development cycle:

1. Formulate
2. Refine
3. Formalize

In the information and network security realm, policies are usually point-specific, covering a single area. Polices can be program policies, issue specific policies, and system policies.

The ÖгöÉÙ¸¾ÊÓƵ follows the Association of College and ÖгöÉÙ¸¾ÊÓƵ Policy Administrators (ACUPA) model for policy development, modified for our environment.

Read More: ÖгöÉÙ¸¾ÊÓƵ Cybersecurity Policies and Standards

Institutional Polices and Guidelines