IT SECURITY IMPLEMENTATION PROCESS
Suggested Phases and Tracks for Implementing the Security Guidelines
In Response to the State IT Security Policy
Phase 1: IT Security Policy
- Develop an institutional IT Security Policy and/or enhance the institutional AUP, as needed
Phase 2: Risk Assessment
- Conducted by IT Security Staff
- The risk assessment will identify critical systems for Track I and prioritize activities for Tracks II through V.
Phase 3: Enhance the Institutional IT Security Program
(Note: Track activities can be performed concurrently)
Track I:
- Incorporate IT security in the SDLC, including existing systems and develop and test disaster recovery plans for CRITICAL SYSTEMS
- Implement Access Control guidelines for Critical Systems
Track II:
- Implement additional measures to protect non public information
Track III:
- Enhance network security by implementing the Network Security guidelines
Track IV:
- Enhance physical security by implementing the Physical Security guidelines
Track V:
- User Education / PC laptop guidelines
Phase 4: Complete processes related to IT Information Security Deviation / Risk Acceptance Standard