Strengthening Our Operations: Unified Technology & Security Capabilities
The Technology & Cybersecurity groups provide essential services to support EBSCO’s portfolio of business units. These requirements are crucial for ensuring compliance, mitigating risks, and enhancing operational efficiency. Business leaders are required to integrate these requirements to maintain consistency and uphold our organizational health.
Policies
System Access
Establishes standards for user identity, access, and account lifecycle management for information systems.
Policy Details >>System Inventory
Mandates an enterprise-wide inventory of all business information systems to ensure accountability and identify unauthorized devices.
Policy Details >>Internet Usage
Sets terms of use for internet access to protect business data, communications, and online reputation.
Policy Details >>IT Acceptable Use Agreement
Outlines user awareness and guidelines for acceptable use of EBSCO computers, devices, software, and network communications.
Policy Details >>Security Incident Response
Establishes rules for mitigating organizational risk through effective handling of information security incidents.
Policy Details >>Data Classification and Handling
Provides guidelines for identifying and safeguarding sensitive business information to comply with legal and industry standards
Policy Details >>Media Sanitization and Disposal
Sets guidelines for secure sanitization and destruction methods to protect sensitive information during media reallocation or disposal.
Policy Details >>Vulnerability Management
Ensures identification and mitigation of technical vulnerabilities through patching, configuration changes, or compensating controls.
Policy Details >>Phishing Awareness
Aims to protect EBSCO’s users and assets against phishing attempts and other malicious communications through awareness and training.
Policy Details >>BYOD
Establishes guidelines for employees using personal devices for work-related purposes, balancing productivity with security needs.
Policy Details >>Standards
Business Continuity & Disaster Recovery
To secure the continuity of operations, this standard requires the implementation of comprehensive business continuity and disaster recovery plans. These plans are designed to safeguard operations, critical systems, and assets, enabling swift recovery during adverse scenarios. Business units must develop and maintain these plans in alignment with the corporate standard.
Standard Details >>Generative AI Tools Standard
This standard defines the approved generative AI tools for use within EBSCO’s information technology environment. By adhering to the EBSCO’s Generative AI Tools Use Standard, employees ensure that the organization harnesses the transformative potential of AI technologies while upholding compliance with policy, ethical use of technology, data security and control, identifying and mitigating potential risks and harms associated with the use of generative AI tools, protecting both the organization and its stakeholders from adverse impacts.
Standard Details >>EBSCO Security MVP
This standard outlines the minimum-security controls needed to be in place as originated from the FBI guidelines for Small Midsize Businesses (SMB). It includes overlapping controls and policy provisions, as well as additional requirements that may not have escalated to the policy level but are still required. Business units must ensure these controls are implemented and maintained.
Standard Details >>Procedures
Cybersecurity Policy Approval
Any modifications to standard security policies must be reviewed and approved by the Information Security department to ensure consistency.
Procedure Details >>Services
When you see this checkmark that denotes a Service that is required. While all Policies, Standards, and Procedures are required some services are optional.
IT Governance, Risk & Compliance
Business units must utilize our IT Compliance services to set policies, establish controls, and measure compliance with relevant cyber and regulatory requirements (e.g., PCI DSS, NIST, ISO). This service encompasses IT Auditing, Business Continuity Planning & Management, and Data Privacy & Security, ensuring risks are identified, assessed, monitored, and managed across all organizational levels, including third-party risk and security requirements. The service includes regular IT audits, development and testing of business continuity plans, and implementation of data protection measures. Business units may develop their own versions of these policies and procedures, provided they meet or exceed corporate standards and receive approval.
Service Details >>Cyber Security & Incident Response
Business units are required to follow our cybersecurity policies and procedures to recognize and respond to existing and emerging threats. This service includes cybersecurity monitoring and security incident response to ensure appropriate defense and response to incidents. While corporate policies provide the framework, business units may adapt these to their specific needs, subject to review and approval by the corporate Cybersecurity team.
Service Details >>Breach Management & Remediation
Business units must engage our cross-functional team for managing cybersecurity incidents. This service combines Technology & Information Security expertise with Legal oversight to provide unified vigilance, tailored response options, and external component management. It's required for immediate breach response, forensic investigations, threat actor negotiations, and post-incident remediation to ensure organizational resilience and asset protection.
Service Details >>Business Continuity Planning & Management
Business units must utilize our IT Compliance services to set policies, establish controls, and measure compliance with relevant cyber and regulatory requirements (e.g., PCI DSS, NIST, ISO). This service encompasses IT Auditing, Business Continuity Planning & Management, and Data Privacy & Security, ensuring risks are identified, assessed, monitored, and managed across all organizational levels, including third-party risk and security requirements. The service includes regular IT audits, development and testing of business continuity plans, and implementation of data protection measures. Business units may develop their own versions of these policies and procedures, provided they meet or exceed corporate standards and receive approval.
Service Details >>IT Auditing
Business units must utilize our IT Compliance services to set policies, establish controls, and measure compliance with relevant cyber and regulatory requirements (e.g., PCI DSS, NIST, ISO). This service encompasses IT Auditing, Business Continuity Planning & Management, and Data Privacy & Security, ensuring risks are identified, assessed, monitored, and managed across all organizational levels, including third-party risk and security requirements. The service includes regular IT audits, development and testing of business continuity plans, and implementation of data protection measures. Business units may develop their own versions of these policies and procedures, provided they meet or exceed corporate standards and receive approval.
Service Details >>Data Privacy & Security
Business units must utilize our IT Compliance services to set policies, establish controls, and measure compliance with relevant cyber and regulatory requirements (e.g., PCI DSS, NIST, ISO). This service encompasses IT Auditing, Business Continuity Planning & Management, and Data Privacy & Security, ensuring risks are identified, assessed, monitored, and managed across all organizational levels, including third-party risk and security requirements. The service includes regular IT audits, development and testing of business continuity plans, and implementation of data protection measures. Business units may develop their own versions of these policies and procedures, provided they meet or exceed corporate standards and receive approval.
Service Details >>Policies
Generative AI Policy
Outlines guidelines for secure and responsible use of generative AI systems by EBSCO employees.
Policy Details >>Services
When you see this checkmark that denotes a Service that is required. While all Policies, Standards, and Procedures are required some services are optional.
Managed Microsoft 365
Microsoft 365 streamlines your IT landscape, offering collaborative software solutions that enable effective remote teamwork and document sharing. Within the suite, discover a robust communication hub covering electronic mail, calendaring, messaging, social communities, audio/video conferencing, and VoIP, facilitating seamless interactions with stakeholders. Leverage advanced messaging tools for practical features like file transfer, sync and share, embedded images, hyperlinks, and video chat. Additionally, Microsoft 365's end-user applications empower content creation and distribution, spanning documents, presentations, spreadsheets, project management, databases, web design, graphics, audio/video editing, and CD/DVD recording functionalities, optimizing your IT investments.
Service Details >>Discipline Experts
Stories of Success
Diversified Ocean Freight Supply Chain Strategy
Nihiliaetorum quiu verum in telum opulicoorena tquemus adductorum derficaute nius inatus cupiena tuusuloc.
Read More
Lorem Ipsum, Dolor Sit Amet
Nihiliaetorum quiu verum in telum opulicoorena tquemus adductorum derficaute niusQuidefec tus inatus cupiena tuusuloc
Read More
Lacus feugiat class sapien duis iaculis risus commodo
Nihiliaetorum quiu verum in telum opulicoorena tquemus adductorum derficaute niusQuidefec tus inatus cupiena tuusuloc.
Read More