IT SECURITY IMPLEMENTATION PROCESS
Suggested Phases and Tracks for Implementing the Security Guidelines in Response to the State IT Security Policy
Phase 1: IT Security Policy
- Develop an institutional IT Security Policy and/or enhance the institutional AUP, as needed
Phase 2: Risk Assessment
- Conducted by IT Security Staff
- The risk assessment will identify critical systems for Track I and prioritize activities for Tracks II through V.
Phase 3: Enhance the Institutional IT Security Program
(Note: Track activities can be performed concurrently)
Track I:
- Incorporate IT security into the SDLC, including for existing systems, and develop and test disaster recovery plans for CRITICAL SYSTEMS
- Implement Access Control guidelines for Critical Systems
Track II:
- Implement additional measures to protect non-public information
Track III:
- Enhance network security by implementing the Network Security guidelines
Track IV:
- Enhance physical security by implementing the Physical Security guidelines
Track V:
- User Education / PC laptop guidelines
Phase 4: Complete processes related to IT Information Security Deviation / Risk Acceptance Standard