Secure Carolina

Project Goals
# Goal Status
1 Review and update university level information security policy, standards, and procedures.
  • Data Access Requirements and Data Security Requirements documents approved and posted.
  • Draft changes to the university policy UNIV 1.50 provided for executive level review.
  • Draft Privacy Policy submitted for executive level review
  • Completion of Information Security Program maturity self-assessment.
2 Examine the feasibility of designating a Data Trustee and Steward for Personal Data.
  • Decision on establishment of a Data Trustee and Steward for Personal Data
4 Discover, assess, and address Social Security numbers and payment card numbers in storage on all university IT devices.
  • In Design Phase - piloting deployable agents
5 Establish new training and certification standards for those who administer or access university information assets.
  • Published certification standards and training program for system administrators
  • User security awareness training program for faculty and staff has begun
6 Develop a process to discover, assess, and address existing information security risks in all university information assets.
  • Published critical server / log assessment criteria documents
  • Vulnerability procedures will be published in the next updated standards.
7 Implement proactive scanning and monitoring for critical systems and processes, to discover risks and active threats to university information assets.
  • Framework (Established Infrastructure) is in place
  • Agent has been deployed on software distribution for university departments to install.
8 Ensure the integration of appropriate information security provisions and processes in all UTS IT processes, projects, systems, and staff.
  • Working with UTS partners on all initiatives
  • Enterprise service contract for professional breach management support services and security breach professional investigative services are in place.
9 Ensure the integration of appropriate information security provisions and processes in all university IT acquisitions and development efforts.
  • Acquisition requirements have been published
10 Ensure the integration of appropriate information security provisions and processes in the university’s enterprise IT projects, systems, and staff (e.g. OneCarolina, Banner, Mainframe).
  • Formally documented provisions and processes for OneCarolina phase I
11 Assist university business and academic units in establishing local security and privacy procedures compliant with university level procedures.
  • Published Information Security Plan Guide (Executive and Technical)
  • New Security Program Implementation Guide and tools in development
  • Interaction with business and academic units is on-going
12 Establish processes for periodic review of information security standards and procedures.
  • Initial review was performed May - Nov 2013
  • New Security Program Implementation Guide and tools in development
13 Establish processes for periodic assessment and/or auditing of university units for compliance with established information security procedures.
  • Mapped the Information Security standards to the Audit framework
14 Develop a strategy for implementing a centralized university system for Identity and Access Management (IAM).
  • In design phase of a multi-factor authentication service
15 Develop a strategy for supporting information security regulatory requirements in research.
  • Currently on-hold until resources are available

 

 

Columbia, SC 29208 803-777-1246
© University of South Carolina Board of Trustees