11.4 MGA Cybersecurity Policy

1.0 Overview

Cybersecurity ensures the protection of institutional data, systems, and networks against unauthorized access, disclosure, alteration, and destruction. This policy establishes the framework for safeguarding MGA’s digital assets in compliance with USG and BOR standards.

2.0 Purpose

The purpose of this policy is to define MGA’s approach to cybersecurity governance, risk management, and compliance. It aims to protect the confidentiality, integrity, and availability of institutional data and IT resources, while meeting regulatory and contractual obligations.

3.0 Scope

This policy applies to all Middle Georgia State University information systems, institutional data, and technology resources, as well as all employees, students, contractors, and third parties who access or manage these resources.

4.0 Policy

Middle Georgia State University (MGA) shall manage all institutional data with appropriate levels of confidentiality, integrity and availability, and in compliance with existing laws, rules, regulations, and Board of Regents (BOR) of the University System of Georgia policies and procedures pertaining to cybersecurity.

As directed by the USG IT Handbook, the Chief Information Security Officer (CISO) will be responsible for establishing, maintaining, and reporting on cybersecurity roles, responsibilities, policies, standards, and procedures.

Cybersecurity policies, standards and procedures must be approved by the Chief Information Officer (CIO). Additional approvals are required for standards and policies. The Functional Data Governance Committee must approve standards. The cabinet must approve policies.

5.0 Enforcement

Compliance with this policy is mandatory. MGA will monitor adherence through audits, system reviews, and incident investigations. Non-compliance may result in corrective actions including access restrictions, mandatory training, and reporting to appropriate authorities. Disciplinary measures will follow applicable BOR policies, USG guidelines, and state or federal laws. MGA reserves the right to suspend or terminate access to institutional systems when violations pose security risks.

6.0 Definitions

  • Confidentiality: Protection against unauthorized disclosure of information.
  • Integrity: Assurance that data is accurate and unaltered.
  • Availability: Ensuring systems and data are accessible when needed.
  • Cybersecurity Incident: Any event that compromises the confidentiality, integrity, or availability of information systems.