Summary
To effectively mitigate risks in the ever-changing world of cybersecurity, organizations must define strategies for protecting the confidentiality, integrity, and availability of system data and resources. These strategies must then be implemented through the creation of formal, written policies in which security-related requirements are established to govern the organization’s systems, data, and processes. Therefore, the success of an information security organization is often largely dependent upon the effectiveness of the foundational policies that guide the organization’s operations.
ITS Policy Refresh (EM16, ITS Standards)
Executive Memorandum 16, the Policy for Responsible Use of University Computers and Information Systems, has been modernized and key policy clauses from other ITS policies incorporated in to the policy. It will then reference associated standards documents that provide additional related information, practices, and procedures. This structure will simplify the library of IT policies and standards, making it easier for campus constituents to find relevant information and support the more regular updates required to keep pace with the evolving IT threat landscape.
These policies and standards are to be applied to all University services, stakeholders, constituents, and affiliates. Due to the unique partnership that the University of Nebraska Medical Center maintains with Nebraska Medicine, UNMC may be explicitly excluded from clauses where conflicting language, practices, or procedures exist with Nebraska Medicine’s published documents.
The ITS Policy Refresh reflects a desired future state for the organization. Currently not all the necessary organizational and technical systems are in place to meet the requirements in the new or revised policies. ITS senior leadership has determined a strategy and timeline for the implementation of the organizational and technical systems necessary to for all areas of the organization to meet and enforce the key risk reduction requirements included in this ITS Policy Refresh.