/Institutions/United-States-University/json/current/Policy-and-Procedure-Manual-local.json

/Institutions/United-States-University/json/current/Policy-and-Procedure-Manual.json

602-2 - Information Security

Title:	Information Security
Owner:	Office of Information Technology
Last Updated/Revised:	07/01/2024

Policy: The Aspen Group, Inc. (AGI) set the policies that operate and safeguard the organization's and university's information and information systems to reduce the risk, and minimize the effect of security incidents. As part of the policies, security controls must be implemented to protect all information assets, including hardware, systems, software, and data. These controls must be designed to ensure compliance with all federal legislation, policies and standards (e.g., by managing risk; facilitating change control; reporting and responding to security incidents, intrusions, or violations).

Purpose: The purpose of the Information Security Policy is to appropriately manage the information security risk to the enterprise by creating and managing security policies.

Scope: The scope of the Information Security Policy covers all of the applications, systems; networks and data center facilities managed by the Office of Information Technology.

Documents and Forms:

• Information Security Manual (available in the Office of Information Technology)
• Disaster Recovery Plan (available in the Office of Information Technology)