Suggested Phases and Tracks for Implementing the Security Guidelines

In Response to the State IT Security Policy


Phase 1: IT Security Policy

    • Develop an institutional IT Security Policy and/or enhance the institutional AUP, as needed

Phase 2: Risk Assessment

    • Conducted by IT Security Staff
    • The risk assessment will identify critical systems for Track I and prioritize activities for Tracks II through V.

Phase 3: Enhance the Institutional IT Security Program

(Note: Track activities can be performed concurrently)

Track I:

    • Incorporate IT security in the SDLC, including existing systems and develop and test disaster recovery plans for CRITICAL SYSTEMS
    • Implement Access Control guidelines for Critical Systems

Track II:

    • Implement additional measures to protect non public information

Track III:

    • Enhance network security by implementing the Network Security guidelines

Track IV:

    • Enhance physical security by implementing the Physical Security guidelines

Track V:

    • User Education / PC laptop guidelines

Phase 4: Complete processes related to IT Information Security Deviation / Risk Acceptance Standard