|TITLE: Information Security||ID:|
|ORIGINATOR: Information Security Office||DATE: Jan 5, 2005|
|REVIEWED: President's Council||DATE: Feb 16, 2005|
|APPROVED: Raymond S. Greenberg, MD, PhD||DATE: Feb 16, 2005|
|IMPLEMENTATION: Enterprise-wide||DATE: Feb 16, 2005|
Please refer to MUSC Information Security Rationale: The Need for Safeguards for an overview of the legal and ethical considerations that have motivated the development of this policy. The following laws and regulations have particular relevance:
MUSC's information is an important asset. Appropriate safeguards are required to protect MUSC's information assets against reasonably anticipated threats to their availability, integrity, and confidentiality.
All faculty, students and staff share in the responsibility for the protection of all of MUSC's information assets.
The protection of each of MUSC's information resources must be based upon sound risk management principles, to ensure that protective measures are reasonable and appropriate, and are commensurate with the value, sensitivity, and criticality of the resource. In addition, protective measures must meet all applicable regulatory and legal requirements.
This policy applies across all the entities that comprise the MUSC Enterprise. It applies to all information resources, whether on campus or accessed from remote locations. These resources include all information, data, computers, computer systems, and networks, that are acquired, developed, or maintained in direct or indirect support of MUSC's mission.
The Office of the CIO (OCIO) for the MUSC Enterprise will designate an Enterprise Information Security Officer (ISO), to whom the following responsibilities are assigned:
From its inception, each Information System that is implemented and used within the MUSC Enterprise must have a designated Owner. The Owner of an Information System is responsible for:
The Owner of each Information System within the MUSC Enterprise must designate a System Administrator, who is responsible for:
All faculty, students and staff across the MUSC Enterprise are responsible for:
Any employee of any Entity within the MUSC Enterprise who violates an information security policy is subject to disciplinary action, as specified in the Human Resource policies and procedures for the Entity.
Any MUSC faculty member who violates an information security policy is subject to disciplinary action, following the procedures specified in the MUSC Faculty Handbook.
Any MUSC student who violates an information security policy is subject to disciplinary action, following the procedures specified in the MUSC Bulletin.
This policy will be maintained and published electronically by the Information Security Office. This policy is a public document and there are no restrictions on its distribution.