Policies

Incident Response

Georgia Southern University and all University System of Georgia (USG) institutions are required to maintain a Computer Security Incident Response (CSIR) plan. This plan helps manage adverse events that threaten teaching, research, and operations. It follows USG policies, industry best practices, and ISO and NIST guidelines, and must be on file with USG Information Security & ePrivacy (per IT Handbook Section 5.10).

The Office of Information Security responds to all reports of abuse or suspected compromise involving Georgia Southern IT resources. An IT incident includes any activity that:

  • Violates laws, regulations, or University policies
  • Constitutes harassment or misuse of resources
  • Compromises University data or disrupts services

For questions or to report an incident, contact security@georgiasouthern.edu.

Cybersecurity Awareness & Training

With so much of our work and communication happening online, cybersecurity is critical. To help protect our community, the USG requires all employees to complete cybersecurity awareness training twice annually (April and October).

Training covers best practices to reduce risks like phishing, malware, and data breaches and is available in the Folio Learning Management System, accessible via the MyGeorgiaSouthern dashboard.

Risk Management

Risk management is the process of identifying, assessing, and reducing risks to acceptable levels while balancing costs and protections. Departments and IT users must understand and manage risks in their environment, both as a best practice and often as a legal requirement.

The goal is to maintain an economic balance between the costs of protective measures and the value of protected assets.

IT Policies & Standards

Georgia Southern University’s policies and standards ensure the protection of critical information and compliance with federal, state, and local regulations. They also provide direction and expectations for all IT users.

Vulnerability Management

Vulnerability management helps protect University systems by identifying and fixing weaknesses before they can be exploited. Georgia Southern uses QualysGuard to scan networks and systems for known vulnerabilities (e.g., CERT, CIAC, SANS advisories).

Firewall Exemption Requests

IT Services maintains a campus-wide firewall to secure data. System administrators who need internet access for a server can submit a Firewall Exemption Request. Learn more and submit a request.

IT Security Reviews

The Office of Information Security offers security reviews to help departments discover and address potential risks. Reviews are especially important for areas governed by specific regulations like PCI (credit card data) or HIPAA (health information).

To request a security review, email security@georgiasouthern.edu.