Security

Cybersecurity refers to preventative methods used to protect information and information systems from unauthorized access, compromise or attack. Cybersecurity requires an understanding of potential threats and utilizes strategies that include, for example, identity management, risk management and incident management.

USG institutions must ensure that data is being secured effectively by following these minimum requirements.

  • Safeguards - Includes the policies, procedures, requirements, and practices that are necessary for maintaining a secure environment for the storage and dissemination of information.

  • Classification - Because data must be protected from unauthorized use, access, disclosure, modification, loss or deletion, each USG institution must classify each record. When classifying a collection of data, the most restrictive classification of any of the individual elements should be used based on a classification structure required by regulations governing specific data domains as well as USG and AU policies. 

  • Access Procedures - Processes to ensure secure and appropriate access to data and information systems, and to the data used, processed, stored, maintained and/or transmitted in and through those systems, are essential to protect the institution against cybersecurity threats and dangers.

  • Segregation & Separation of Duties - In addition to having a well-organized and defined data governance structure, USG organizations must ensure that their organizational structure, job duties, and business processes include an adequate system of separation of duties (SOD), taking into account a cost-benefit and risk analysis.