IT security plan
Step 4. Evaluation
Thu, 03/12/2009 - 15:05 — mcoyle
To evaluate your department, review prior steps you've taken: Inventory: An inventory was taken to determine what IT equipment and information you are responsible to protect. IT Risk Assessment: The Assessment established the type of information handled by your department and the type of security needed to protect these IT assets. IT Departmental Checklist: The Checklist got down to the procedure and asked specific questions related to your department's security.
To provide an evaluation report make two lists. One list will contain the statements from the checklist which were positive which you can use to prepare an evaluation report. The other will contain a list of issues/or negative observations which you will address for the Security Plan.
The Checklist provides questions. You can turn these questions into statements to provide the basis for an evaluation report. The Evaluation will provide information on what the department now has in relation to security.
Sample Departmental Evaluation Report
This is a Sample Evaluation Report. This evaluation started with an Inventory and Risk Assessment followed by a Security Checklist. Statements on the sample report below have been gleaned from the Security Checklist. All items answered 'no' should be addressed in the Security Plan. Be sure to take into consideration the level of risk from Step 2 (Risk Assessment).
Developing a Security Plan
Wed, 03/11/2009 - 14:02 — mcoyleNo computer or workstation is immune to compromise. University information and network assets are of significant value and protecting them is the responsibility of everyone handling these assets. Every department is expected to develop a security plan.
