Incident Response
Georgia Southern University and all University System of Georgia (USG) institutions are required to maintain a Computer Security Incident Response (CSIR) plan. This plan helps manage adverse events that threaten teaching, research, and operations. It follows USG policies, industry best practices, and ISO and NIST guidelines, and must be on file with USG Information Security & ePrivacy (per IT Handbook Section 5.10).
The Office of Information Security responds to all reports of abuse or suspected compromise involving Georgia Southern IT resources. An IT incident includes any activity that:
- Violates laws, regulations, or University policies
- Constitutes harassment or misuse of resources
- Compromises University data or disrupts services
For questions or to report an incident, contact security@georgiasouthern.edu.
Cybersecurity Awareness & Training
With so much of our work and communication happening online, cybersecurity is critical. To help protect our community, the USG requires all employees to complete cybersecurity awareness training twice annually (April and October).
Training covers best practices to reduce risks like phishing, malware, and data breaches and is available in the Folio Learning Management System, accessible via the MyGeorgiaSouthern dashboard.
Risk Management
Risk management is the process of identifying, assessing, and reducing risks to acceptable levels while balancing costs and protections. Departments and IT users must understand and manage risks in their environment, both as a best practice and often as a legal requirement.
The goal is to maintain an economic balance between the costs of protective measures and the value of protected assets.
IT Policies & Standards
Georgia Southern University’s policies and standards ensure the protection of critical information and compliance with federal, state, and local regulations. They also provide direction and expectations for all IT users.
- IT Appropriate Use Policy (AUP): Defines acceptable use of University technology and data. View the AUP
- Georgia Southern IT Policies: IT Policy Site
- USG IT Policies: USG Policy Site
Vulnerability Management
Vulnerability management helps protect University systems by identifying and fixing weaknesses before they can be exploited. Georgia Southern uses QualysGuard to scan networks and systems for known vulnerabilities (e.g., CERT, CIAC, SANS advisories).
Firewall Exemption Requests
IT Services maintains a campus-wide firewall to secure data. System administrators who need internet access for a server can submit a Firewall Exemption Request. Learn more and submit a request.
IT Security Reviews
The Office of Information Security offers security reviews to help departments discover and address potential risks. Reviews are especially important for areas governed by specific regulations like PCI (credit card data) or HIPAA (health information).
To request a security review, email security@georgiasouthern.edu.