Information Security
Clayton State University recognizes that information and information systems are critical to business functions. It is the responsibility of all users to ensure the safeguarding of business assets as our front line of defense. Information Technology Services (ITS) Security works with university departments, units, and executives in achieving its strategic vision as a partner to the campus community and educator in security awareness and training.
In today’s interconnected world, privacy concerns have become a global issue. Bad actors, including cybercriminals and foreign entities, regularly exploit digital vulnerabilities to breach networks, steal sensitive information, and undermine trust in public institutions. These risks are particularly serious in higher education, where we manage not only institutional operational data but also the personal information of our students, faculty, and staff. Robust security measures are essential to safeguard privacy and maintain the integrity of university systems.
As part of a continued effort, Governor Kemp’s administration has updated the list of prohibited apps and websites. In addition to TikTok, WeChat, and Telegram, the following apps are now also disallowed from use on any state-owned and/or -issued devices, including but not limited to mobile phones, laptops, and tablets:
- RedNote (social media app)
- DeepSeek (AI chatbot)
- Webull (online stock trading)
- Tiger Brokers (online stock trading)
- Moomoo (investing app)
- Lemon8 (social media app)
Applications such as the above list originate from foreign companies with unclear data handling and privacy practices which pose an unacceptable risk to university networks, systems, and institutional data. Therefore, these applications are prohibited on all State owned and USG-managed devices unless required for an authorized law enforcement or security purpose.
IMPORTANT: employees must not use any of these apps on devices--personal or institutional (Foundations)--that are used to access sensitive or restricted University/USG data, including but not limited to health records, financial data, or personally identifiable information.
What is Information Security?
The term Information Security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
The Division of Information Technology Services (ITS) supports the mission of Clayton State University by building a culture of security awareness and risk management to protect the privacy, confidentiality, integrity, and availability of student, faculty, and staff information in partnership with Data Governance:
- Confidentiality: Preventing the intentional or unintentional unauthorized disclosure of data.
- Integrity: ensuring no modifications to data by unauthorized personnel or processes and ensuring internal and external data are consistent and accurate.
- Availability: ensuring the reliable and timely access to data or computing resources by personnel.
What is Cybersecurity?
Cybersecurity is protecting information and information systems by preventing, detecting, and responding to attacks.
The cybersecurity landscape continues to change with threat actors becoming more aggressive in their attacks. Information Security is committed to securing the University’s information assets by creating a more educated and secure campus through institutional partnerships.
Cybersecurity is EVERYONE'S responsibility.
Security Awareness
Learn to Identify Common Techniques
Phish Tank
Phishing
Phishing is a malicious practice used to trick unsuspecting individuals into sharing personal information by using fraudulent emails and claiming to be from reputable companies.
Ways to spot a Phish:
- Phishing emails may contain improper grammar or spelling.
- Look for interesting, emotional pleas asking you to take any action, such as clicking a link.
- Be aware phishing emails disguise themselves as popular sites such as in banking or
social media.
- (Example: www.banofamerika.com)
- An email requesting sensitive information—never give personally identifiable information.
Caught a PHISH??? Send it to the PHISHTANK!!! ~ phishtank@clayton.edu
- Forward the full phishing email to phishtank@clayton.edu
Remember, Lakers! Cybersecurity is a team endeavor.
- Cybersecurity starts with YOU and is everyone’s responsibility.
- Ask for Help - Contact the HUB—(678) 466-4357.
- Or send an email—thehub@clayton.edu
For more information go to PHISHING webpage.
Identity Theft Protection
Identity Management
Identity management is an important aspect of information technology security. Employee
logins are requested by Human Resources at the time of hire and are terminated when
Human Resources notifies ITS the person is no longer employed. Accounts will not be
created without Human Resources requesting them.
All users, whether internal, external, or temporary, and their activity on all IT
systems should have User Ids that:
- are uniquely identifiable
- are enabled through appropriate authentication mechanisms.
- are assigned access rights to all systems and data in line with defined and documented business needs and job requirements.
- are only requested by user management, approved by system owners, and implemented by the appropriate local security administrator.
Cybersecurity Awareness Training
Must be completed by all Faculty and Staff
Cybersecurity awareness training is mandated by the Board of Regents in accordance with the USG IT Handbook: 5.9.2 Security Awareness, Training and Education Requirements for all users who access information or information systems. The University System of Georgia (USG) cannot ensure the confidentiality, integrity, and availability of the data asset until each person in the university system understands their roles and responsibilities and all data users have completed training to perform these tasks.
Awareness training will be conducted, attendance is mandatory, completion is documented and will provide practical and simple guidance pertaining to user roles and responsibilities. The governor’s directive for bi-annual cyber training is to achieve high standards system-wide and diligence in the protection and privacy of all data assets managed on a day-to-day basis.
Incident Reporting?
All users of information technology owned or managed by CLSU must immediately report suspected information security incidents (including but not limited to virus infections and computers exhibiting behavior consistent
with a compromised machine) to the HUB:
• Events, incidents, and potential breaches (i.e., lost/stolen laptop or external
thumb drive) to the HUB at (678) 466-4357 or thehub@clayton.edu
• In events, incidents, and potential/confirmed breaches involving Clayton State University
data stored, accessed, managed, or otherwise used by a vendor, the CIO/ Information
Security (IS) will involve Legal Counsel, Chief Data Officer, and Procurement Services
to provide guidance and to determine if there is also a breach of contract that needs
to be pursued. Incidents involving vendors, Information Security and/or the vendor will notify USG Cybersecurity through the Enterprise Service Desk helpdesk@usg.edu at 706-583-2001, or 1-888-875-3697 (Toll free within Georgia).
• Events, incidents, and potential breaches reported to Clayton State personnel by vendors must report the incident to USG Cybersecurity through the Enterprise Service Desk
helpdesk@usg.edu at 706-583-2001, or 1-888-875-3697 (Toll free within Georgia) and the HUB at (678)
466-4357 or thehub@clayton.edu.
Alerts & News
FACULTY/STAFF
AZURE MULTI-FACTOR AUTHENTICATION
ITS POLICY and STANDARDS LIBRARY
USG CYBER TRAINING PLATFORM