Overview

The term “information security” usually refers to the process of protecting data from accidental or intentional misuse by persons inside or outside of an organization.   Information security involves technical protection (for example, network or desktop security), but implicates physical security issues as well (locking doors and cabinets). 

The effect of unauthorized access and use of information is costly.  Some of these costs include lost productivity, due to unavailability of breached information resources; labor and material costs associated with information technology staff’s detection, containment, repair, and reconstitution of information; loss of trust in the organization through negative publicity; and costs associated with notifying affected people when personal data is compromised.

Not only does it make good business sense to protect information, there are also several laws and regulations that require USC to protect information from unauthorized use and disclosure.  Legally protected categories of information include:

• Education records:  Under the Family Educational Rights and Privacy Act of 1974, or “FERPA”, USC must protect all files, documents, or other materials directly related to a student and maintained by USC.

• Protected Health Information:  Under the Health Insurance Portability and Accountability Act of 1996, or “HIPAA”, USC must protect information that relates to an individual’s physical or mental health condition or to payment for health care.

• Personal information:  Under California law, USC is required to disclose any computer security breaches when it has a reasonable belief that the individual’s personal information (e.g., social security number, financial account information) has been improperly acquired through a security incident such as a hack or other breach. 

• Customer Information:  Under a federal law known as the Gramm-Leach Bliley Act, USC must protect personally identifiable financial information that it collects about an individual in connection with providing a financial product or service, such as financial aid or faculty housing loans.

• Personnel records: These records are protected under state law, and include offer letters, employment records, salaries, fringe benefits, and other personnel information.

• Research records:  These records may be protected by copyright, trademark, trade secret, patent or other intellectual property laws.

The Office of Information Security’s purpose is to assist the university’s schools and departments in better protecting and securing the information they create, store, and transmit electronically and physically.  It does so through:

• Providing education

• Developing and implementing policies and procedures

• Monitoring and auditing compliance with information security requirements

• Serving as a contact in the event of information security breaches

• Working with USC’s Information Services Division (ISD) and Administrative Information Services (AIS) to address information security issues.

Click on any of the links below to learn more about the education, resources, and other information the Office of Information Security provides to the USC community to assist it in meeting its responsibility to protect and secure information.

• Personal Information Security
  • Classes
  • Web-Based Courses
  • Web-Based Videos
  • Tools and Resources
  • Brochures, Forms, and Guides
  • USC Policies

• Laptop Security

• Network Security
  • Classes
  • Web-Based Courses
  • Web-Based Videos
  • Tools and Resources
  • Brochures, Forms, and Guides
  • USC Policies

• Server Security
  • Classes
  • Web-Based Courses
  • Web-Based Videos
  • Tools and Resources
  • Brochures, Forms, and Guides
  • USC Policies

• Encryption
  • Classes
  • Web-Based Courses
  • Web-Based Videos
  • Tools and Resources
  • Brochures, Forms, and Guides
  • USC Policies

• Physical Security
  • Classes
  • Web-Based Courses
  • Web-Based Videos
  • Tools and Resources
  • Brochures, Forms, and Guides
  • USC Policies