11.4 MGA Cybersecurity Policy

MGA POLICY NUMBER: Technology: 11.4

MGA POLICY NAME: Cybersecurity

POLICY: Middle Georgia State University (MGA) shall manage all institutional data with appropriate levels of confidentiality, integrity and availability, and in compliance with existing laws, rules, regulations, and Board of Regents (BOR) of the University System of Georgia policies and procedures pertaining to cybersecurity.

CONTEXT:

This policy applies to

  • All MGA units
  • All MGA University employees, students, and third parties employed by or doing business with, Middle Georgia State University.

As directed by the USG IT Handbook, The Chief Information Security Officer (CISO) will be responsible for establishing, maintaining, and reporting on cybersecurity roles, responsibilities, policies, standards, and procedures.

Cybersecurity policies, standards and procedures must be approved by the Chief Information Officer (CIO). Additional approvals are required for standards and policies. The Functional Data Governance Committee must approve standards. The cabinet must approve policies.

ADMINSTRATIVE AND ADDITIONAL RESOURCES:

  • Short Title: “Cybersecurity”
  • Original Draft Date: 11/25/19
  • Previous Version: N/A
  • Oversight: Chief Information Officer and Chief Information Security Officer

Additional Resources:

  • USG Business Procedures Manual
  • University System of Georgia Business Records Management and Archives Policies
  • University System of Georgia Board of Regents Policy Manual: Ethics Policy
  • University System of Georgia Board of Regents Policy Manual: Cybersecurity
  • University System of Georgia Information Technology Handbook
  • Georgia’s Open Records Act OCGA § 50-18-70
  • Family Education Rights and Privacy Act (FERPA)
  • U.S. Department of Health and Human Services Health Information Probability and Accountability Act (HIPAA)
  • Gramm-Leach-Bliley Act (GLBA)
  • General Data Protection Regulation (GDPR)

Associated MGA Policies and Procedures:

  • MGA Cybersecurity Plan
  • MGA Data Classification Procedures
  • MGA Records Management Policy
  • MGA Data Governance Charter
  • MGA Open Records Procedures
  • MGA FERPA Policy
  • MGA HIPAA Procedures
  • MGA GLBA Procedures
  • MGA GDPR Procedures
  • MGA Privacy Standard