Statement of UNCG Information Security Standards
UNCG is using the ISO27002 (International Organization for Standardization) as the information security management standard for the institution. Best practice configurations are taken from appropriate National Institute for Standards and Technologies (NIST) configuration documents. UNCG's IT security policies (Information Security Policy, Data Classification Policy, Enterprise Systems Policy, Wireless Communications Policy, Personal Information Security Breach Notification Policy, and Acceptable Use of Computing and Electronic Resources Policy) were developed with the ISO17799 (the predecessor to ISO27002) as the basis.
UNCG's Information Security Officer is working with other UNC System institutions to develop a UNC System-wide security manual based on ISO27002. Until the new manual is completed, UNCG uses appropriate sections and concepts from the State's "Statewide Information Security Manual" to address areas not covered by UNCG's IT security policies.
Reviewed by Chancellor Linda Brady and Executive Staff, 11/29/10
Questions can be directed to:
James Clotfelter, Vice Chancellor for Information Technology Services & Chief Information Officer (CIO)
Chuck Curry, University Information Security Officer