Georgia Perimeter College’s information is an important asset that is critical to providing an effective and comprehensive learning environment, openly communicating ideas, providing outstanding community service, and supporting the college’s operations. This information includes sensitive and personal student, faculty, and staff data as well as the college’s operational data. To maintain effectiveness and protect individuals, the college’s information assets must be protected from misuse, unavailability, destruction, and unauthorized disclosure or modification.
The executive leadership of Georgia Perimeter College is committed to protecting the value of the college’s information assets. The Information Security Office is charged with establishing and maintaining a program that preserves the confidentiality, integrity, and availability of information and information systems. This responsibility is addressed by:
- Continually assessing risks and defining appropriate protection strategies
- Balancing potential risks with cost and impact of associated protection measures, and enabling informed operational decisions regarding risk
- Complying with applicable legal and regulatory requirements
- Protecting the reputation, image and competitive advantage of the college
- Supporting Georgia Perimeter College’s strategic mission and goals
- Maintaining partnership with administrative units, faculty, and staff to ensure a collaborative approach to information security
The Information Security Office deals with numerous threats and challenges including data loss or theft, malicious software (e.g., viruses, worms, Trojan horses), identity theft, social engineering, phishing scams, and risks associated with new technologies. Security measures also must be implemented to comply with several laws and regulations that address student information (FERPA), financial information, individuals’ privacy data and individuals’ health information.
The Information Security Office offers a wide range of products and services to address information security risks and requirements. These offerings are designed to balance strategic, tactical, and operational needs, and they include the following specific products and services:
- Security policies, procedures, standards, and methodologies
- Security awareness and training
- Risk assessments, security reviews, and security evaluations
- Legal and regulatory compliance
- Security strategy, architecture, and technologies (including technologies to protect against malicious software)
- Technical system configurations and vulnerability management
- Response to information security incidents or breaches
- Security requirements for software development and acquisition
- Disaster recovery and continuity planning
Policies and procedures provide the foundation of an effective information security program and define minimum requirements for protection of information. The Information Security Office of Georgia Perimeter College has developed and implemented policies that specify appropriate controls and conduct. These policies have been approved by the college’s senior executives, are applicable to all faculty, staff, and students, and they are required to be followed. They are available for review in the Georgia Perimeter College Policy Manual on the GPC website.
Any suspected information security breach or issue should be reported immediately to the OIT Service Desk.