Secure Carolina

SecureCarolina at a Glance
revised 30-Jul-2013

SecureCarolina will greatly improve the state of information security and privacy at the University of South Carolina, by involving all University personnel to enact bold improvements in University information systems and processes.

Objectives
SecureCarolina will achieve its goals by continuing development of the USC Information Security Program, which will ...

  1. Govern and regularly refine information security and privacy policy, and integrate improvements into University practices across all campuses and departments.
  2. Continually assess and manage information security risk at the University, through security operations and auditing processes.
  3. Implement a plan for information security and privacy training for University personnel.

Sponsors
USC IT Security
USC Internal Audit

Facilitators
OneCarolina
Data Stewards
Enterprise IT

Partners/Stakeholders
all campuses
all colleges
all schools
all departments

Scope of Assessments

  • servers
  • desktops
  • laptops
  • edevices
  • software
  • data
  • networks
  • business processes
  • personnel

SecureCarolina Project Progress

2013

Establish Website
Determine viability of Data Trustee / Steward for personal information
Approve Data Access and Security Policies, Requirements and Procedures
Complete phase I of server and computer hardware security

2014
Establish new security training and certification standards
Approve Data Privacy Policy
Integrate policies into
  • UTS framework
  • University enterprise IT projects
  • University IT acquisitions and development efforts
Establish process to discover, assess, address existing risks in university assets
Implement procedure for improved monitoring and scanning of critical systems
Complete phase II of server and computer hardware security
2015
Establish Local Security and Privacy Procedures at the university unit level
Establish process for review of information security and privacy policies, standards, and procedures
Develop strategy for identifying significant IT Risk in the university Annual Audit Plan
Establish strategy to implement centralized identity and access management
Establish strategy to support information security and privacy regulatory requirements in research

 

Columbia, SC 29208 803-777-1246
© University of South Carolina Board of Trustees