SecureUGA, security awareness and accountability campaign, announced

Office of the Chief Information Officer Press Release
The University of Georgia
Athens, Georgia

Friday, April 4, 2008

CONTACTS: Sandi Glass, executive director of the College of Education Office of Information Technology, 706/542-1194, slglass@uga.edu;
Stanton Gatewood, chief information security officer, 706/425-3137, infosec@uga.edu

ATHENS, Ga.— An email sent to all faculty and staff from UGA's three senior vice presidents on April 2 has announced an information security risk-management plan referred to as SecureUGA.

The secure.uga.edu Web site offers awareness presentations, including "Security in the Workplace"

The email stated that "with the increasing threat to data security and the breadth of attacks both internal and external to our systems and applications, it is incumbent that each employee takes responsibility for his or her individual piece of this data security initiative."

The email went on to state that faculty and staff at UGA will be required to participate in four self-paced, online awareness presentations. These presentations are available on the SecureUGA Web site (secure.uga.edu).

The complete text of the email is included below:

UGA continues to address the critical issue of protecting and securing sensitive and critical data through a risk management plan called SecureUGA. This plan reflects a role-based security training and accountability model in which every individual, regardless of position, has a responsibility to protect and secure sensitive and critical data.

SecureUGA is comprised of three components: policy and processes; technology; and people. Policy sets the foundation to guide our process and action. Technological enhancements will protect, secure and build strong systems and infrastructure. People, the third and most important component, will be addressed through building awareness, and providing training and education.

Recognizing the importance of participation by the entire University community in the third component, individual faculty and staff will be required to participate in four (4) self-paced, on-line awareness presentations annually in addition to available voluntary participation in awareness and training offerings referenced at http://secure.uga.edu. Initial awareness-training modules scheduled to be released for 2008 on April 2nd will include:

Security in the Workplace

Your Role in SecureUGA

What is Sensitive Data?

Securing Portable Electronic Devices

Recognizing the role each of us has in protecting and minimizing risk in managing sensitive and critical data, participation in available self-paced presentations will be documented and from now forward the participation report will be sent annually the last week in November to unit and/or department leadership. With the increasing threat to data security and the breadth of attacks both internal and external to our systems and applications, it is incumbent that each employee takes responsibility for his or her individual piece of this data security initiative.

We look forward to your participation and support of this critical effort by the University as a community; there will never be a time we are totally protected, but it is critical that we do all we can to protect and secure our data and to be aware of those actions that we can take individually to reach this goal.

About the Office of the CIO and EITS
The Office of the Chief Information Officer and Enterprise Information Technology Services (EITS) are committed to the mission of UGA as a land-and-sea-grant institution where academics come first and the research extensive university community encourages research efforts at the undergraduate and graduate levels. To that end, under the direction of the University´s Chief Information Officer, EITS endeavors to provide a robust, reliable, and secure information technology infrastructure, maintain essential production services, and offer world-class support.

Search EITS