Georgia Institute of Technology

• Directories
• Campus Map

• "How-To" Central
• Ethics
• PCard
• Vacation/Sick Leave
• Travel
• Information Security
• Check Requests

Information Security and Data / Asset Stewarding

Does this apply to me?

• You bet! If you use Institute information or equipment, this applies to you.

What do I need to know?

• Key areas of risk - what to avoid or watch for
• Quick tips - the essential information, and links to more
• Relevant Policies

---

Key areas of risk:

• Loss of equipment (computers, hard drives, instrumentation, etc.)
• Unauthorized access / use of personal information about students, employees, affiliates, or friends of the Institute
• Technology breaches to Institute systems, including individual computers or laptops

Back to top

---

Quick tips:

• “Data stewardship” defined as the prudent management of Georgia Tech’s data.
• To report a security incident please email security@gatech.edu or use our Online Reporting Site.
• To contact Information Security for anything else, please call 404-385-IS00 (4700).
• The Internal Control Guide has a great deal of helpful information (Section 5 - Information Security Risks)
• For OIT's complete set of unit level security guidelines, click here. Here are some key tips from this site:
  • As a user, you should:
    • Become familiar with the applicable computer policies.
    • Do not download or install new software on systems before contacting your technical lead.
    • Complete the online information security tutorial.
    • Only give personal information on secured websites, when absolutely necessary and never via email.
    • Log off or lock your keyboard when stepping away from your work area.
    • Report security problems, issues, or misuse to your technical lead.
    • Do not share your password with anyone.
    • Shred documents with personal information before discarding.
  • As a server or desktop administrator, you should:
    • Install host-based firewalls.
    • Limit access to systems only to those who need access.
    • Create strong passwords and change them every 90 days.
    • Install operating system and application patches in a timely fashion.
    • Coordinate technology purchases, service offerings, security issues with the Technical Lead.
    • Install virus protection.
    • Back up systems and perform periodic restores
    • Review system logs for unauthorized access/attempts.
    • Scan your network(s) monthly and review the report.
    • Before you discard, transfer or surplus a computer, use a proven drive wipe method to erase the drive contents. In cases of sensitive data, remove and destroy the drive

Back to top

---

Relevant Policies:

These links will open a new page or tab.

• Georgia Tech Computer & Network Usage and Security Policy (Note: PDF link) - be familiar with Georgia Tech's Computer & Network Usage and Security Policy (CNUSP), because, as a user of the Georgia Tech network, you are responsible for following these rules and guidelines.
• Information on the Family Educational Rights and Privacy Act (FERPA)
• Georgia's Open Records Act - topics from Legal Affairs

Back to top

• Contact Us
• Legal & Privacy Info
• Accountability
• Site Map
• RSS 2.0

©2008 Georgia Institute of Technology :: Office of Organizational Development
631 Cherry Street, Savant Building, Atlanta, Georgia 30332-0206
Phone: (404)894-1146   Fax:(404)894-0409