With rapid and continuing technology advances, the Information Security Office (ISO) is implementing the University’s Information Security (IS) program to establish security measures to protect the information technology infrastructure and provide a sustainable consistent approach to information security safeguards and measures that can be replicated across paper and electronic files, systems, and transactions.
The IS program provides the framework and practices for all business functions, departments, faculty, staff, and students to use in securing their information. It is also designed to provide direction and assistance for developing and implementing information security controls that reduce the risk to VSU information regardless of the medium containing the information.
The following principles guide the development and implementation of the VSU Information Security Program.
VSU Information Security Program
- The VSU Information Security program is and shall continue to be designed to:
- Ensure the confidentiality, integrity and availability of VSU information;
- Protect against any anticipated threats or hazards to the security or integrity of the information; and
- Protect against unauthorized access to or use of the information that could result in substantial harm or inconvenience to anyone.
- VSU sensitive information is:
- A critical asset that shall be protected; and
- Restricted to authorized personnel for official use.
- VSU recognizes that Information Security is:
- A cornerstone of maintaining public trust;
- Managed to address both business and technology requirements;
- Risk-based and cost-effective;
- Aligned with VSU priorities, industry best practices, and government requirements;
- Directed by policy but implemented by business owners; and
- Applied holistically, regardless of medium.