Secure Carolina

Project Goals
# Goal Status
1 Review and update university level information security policy, standards, and procedures.
  • Data Access Requirements and Data Security Requirements documents approved and posted.
  • Draft changes to the university policy UNIV 1.50 for executive level review.
  • Draft Privacy Policy submitted for executive level review
  • 901.3 Sensitive Data Security Procedures updated and published
  • Completion of Information Security Program maturity self-assessment.
2 Examine the feasibility of designating a Data Trustee and Steward for Personal Data.
  • Decision on establishment of a Data Trustee and Steward for Personal Data
4 Discover, assess, and address Social Security numbers and payment card numbers in storage on all university IT devices.
  • Discovery solution in production March 2015. All relevant documentation communicated and made available university wide
  • Encryption solution in pilot
  • Secure File Sharing solution in design
5 Establish new training and certification standards for those who administer or access university information assets.
  • Published certification standards and training program for system administrators
  • User security awareness training program for faculty and staff university wide December 2014
6 Develop a process to discover, assess, and address existing information security risks in all university information assets.
  • Published critical server / log assessment criteria documents August 2013
  • Vulnerability Management Standard published and communicated February 2015
7 Implement proactive scanning and monitoring for critical systems and processes, to discover risks and active threats to university information assets.
  • Framework (Established Infrastructure) is in place
  • Agent deployed. All relevant documentation communicated and made available university wide March 2015.
  • Onboarding identified source systems
8 Ensure the integration of appropriate information security provisions and processes in all UTS IT processes, projects, systems, and staff.
  • Working with UTS partners on all initiatives
  • Enterprise service contract for professional breach management support services and security breach professional investigative services are in place.
9 Ensure the integration of appropriate information security provisions and processes in all university IT acquisitions and development efforts.
  • Updates to 901.1 Procurement and Contracts Procedure published Feb 2015
10 Ensure the integration of appropriate information security provisions and processes in the university’s enterprise IT projects, systems, and staff (e.g. OneCarolina, Banner, Mainframe).
  • Formally documented provisions and processes for OneCarolina phase I
11 Assist university business and academic units in establishing local security and privacy procedures compliant with university level procedures.
  • Published Information Security Plan Guide (Executive and Technical) 2013
  • Interaction with business and academic units is ongoing
12 Establish processes for periodic review of information security standards and procedures.
  • Initial review performed May - Nov 2013
  • Review process and formalized thresholds have been established
13 Establish processes for periodic assessment and/or auditing of university units for compliance with established information security procedures.
  • Map the Information Security standards to the Audit framework
  • Fill open positions
  • Complete a high level risk assessment
14 Develop a strategy for implementing a centralized university system for Identity and Access Management (IAM).
  • Multi-factor authentication service in production March 2015. All relevant documentation communicated and made available university wide
15 Develop a strategy for supporting information security regulatory requirements in research.
  • Currently on-hold until resources are available
© University of South Carolina Board of Trustees