Information is everywhere in cyberspace, including information on your next vehicle purchase, medical symptoms, and our beloved Georgia Bulldogs.
This includes information about each of us.
"Access to information anytime and any place has created a world of opportunities for instruction, research, service, communication, and productivity, "said Sandi Glass, director of the College of Education Office of Information Technology and CIO Advisory Cabinet Chair. "But cyberspace is not always a safe place, and with this worldwide access to information comes increased risk of personal information getting in the wrong hands."
"SecureUGA was launched at UGA to reduce this risk, creating a comprehensive awareness, training, and, education program for everyone: students, faculty, and staff," said Brian Rivers, director of Security, Network Operations, and Infrastructure for Enterprise Information Technology Services.
Rivers and Glass are leading the SecureUGA charge, which actually dates back to 2005.
"Security Awareness, Training, and Education is the best return on our investment for lowering the risk of living and socializing in Cyberspace," said Stanton Gatewood, former chief information security officer at UGA and now serving that same role for the University System of Georgia.
During Gatewood's tenure at UGA, Provost Mace launched the comprehensive Securing Sensitive Data Initiative in 2005. This initiative included a risk assessment of all UGA technology assets; an inventory tracking process, known as ASSETS, to assist in security these assets; and a SATE component, which was the impetus for SecureUGA.
"We need to be very careful with our computers, laptops, and PDAs and the private information which may be on them," said Glass.
To help us all be more careful, Glass and Rivers have used Web development and training resources in the College of Education to develop a series of training presentations. These presentations are accessible from the SecureUGA Web site.
"All faculty, administrators, and staff, including student workers, are required to complete four awareness modules by November 30, 2008," said Glass. "Everyone, including all students, will benefit greatly from the presentation modules. At this time, student participation is not required but strongly encouraged."
The four modules required for completion by November 30 are:
- Security in the Workplace
- Your Role in SecureUGA
- What is Sensitive Data?
- Securing Portable Electronic Devices
"In addition to the four required modules, there are a number of others that include important information related to information security at UGA," said Brian. "The module E-Mail and Web Security, for example, provides excellent information on avoiding phishing scams."
The additional modules will be required in 2009, according to Rivers, who also said that everyone is encouraged to take the additional modules at their earliest convenience and will receive full credit toward compliance with future participation requirements.
SecureUGA is a role based security training and accountability model in which every individual, regardless of position, has a responsibility to protect our sensitive and critical data. SecureUGA is comprised of three components: policy and procedures, technology, and people. Policy sets the foundation to guide our process and action. Technological enhancements will build strong systems and infrastructure. The third and most important component, people, will be addressed via awareness, training, and education.