Secure Carolina

Project Goals
# Goal Status
1 Review and update university level information security policy, standards, and procedures.
  • Data Access Requirements and Data Security Requirements documents approved and posted.
  • Draft changes to the university policy UNIV 1.50 for executive level review.
  • Draft Privacy Policy submitted for executive level review
  • 901.3 Sensitive Data Security Procedures updated and published
  • Completion of Information Security Program maturity self-assessment.
2 Examine the feasibility of designating a Data Trustee and Steward for Personal Data.
  • Decision on establishment of a Data Trustee and Steward for Personal Data
3 Discover, assess, and address Social Security numbers and payment card numbers in storage on all university IT devices.
  • Discovery solution in production March 2015. All relevant documentation communicated and made available university wide
  • Encryption solution in production
  • Secure File Sharing solution available for early adopters
4 Establish new training and certification standards for those who administer or access university information assets.
  • Published certification standards and training program for system administrators
  • User security awareness training program for faculty and staff university wide December 2014
5 Develop a process to discover, assess, and address existing information security risks in all university information assets.
  • Published critical server / log assessment criteria documents August 2013
  • Vulnerability Management Standard published and communicated February 2015
6 Implement proactive scanning and monitoring for critical systems and processes, to discover risks and active threats to university information assets.
  • Framework (Established Infrastructure) is in place
  • Agent deployed. All relevant documentation communicated and made available university wide March 2015.
  • Onboarding identified source systems
7 Ensure the integration of appropriate information security provisions and processes in all UTS IT processes, projects, systems, and staff.
  • Working with UTS partners on all initiatives
  • Enterprise service contract for professional breach management support services and security breach professional investigative services are in place.
8 Ensure the integration of appropriate information security provisions and processes in all university IT acquisitions and development efforts.
  • Updates to 901.1 Procurement and Contracts Procedure published Feb 2015
9 Ensure the integration of appropriate information security provisions and processes in the university’s enterprise IT projects, systems, and staff (e.g. OneCarolina, Banner, Mainframe).
  • Formally documented provisions and processes for OneCarolina phase I
10 Assist university business and academic units in establishing local security and privacy procedures compliant with university level procedures.
  • Published Information Security Plan Guide (Executive and Technical) 2013
  • Interaction with business and academic units is ongoing
11 Establish processes for periodic review of information security standards and procedures.
  • Initial review performed May - Nov 2013
  • Review process and formalized thresholds have been established
12 Establish processes for periodic assessment and/or auditing of university units for compliance with established information security procedures.
  • Map the Information Security standards to the Audit framework
  • Fill open positions
  • Complete a high level risk assessment
13 Develop a strategy for implementing a centralized university system for Identity and Access Management (IAM).
  • Multi-factor authentication service in production March 2015. All relevant documentation communicated and made available university wide
14 Develop a strategy for supporting information security regulatory requirements in research.
  • Currently on hold until resources are available
© University of South Carolina Board of Trustees