Developing a Security Plan

No computer or workstation is immune to compromise. University information and network assets are of significant value and protecting them is the responsibility of everyone handling these assets. Every department is expected to develop a security plan.

The following steps and web pages provide the guidance and information you need to determine your department's IT security risk level, evaluate your department's IT security strengths and weaknesses, and develop an IT security plan for your department.

The IT Security Plan and process can be implemented and maintained with minimum effort and resources. It is a first step toward eliminating the bulk of vulnerabilities that cause compromises.

1. Take an inventory of your physical and information assets (what are you protecting?).
2. Perform a risk assessment to determine what level of security is needed to protect your information assets.
3. Complete the checklist to make you aware of your security strengths and weaknesses.
4. Complete an evaluation. Evaluate your findings and discuss recommendations to correct deficiencies and/or improve security with departmental administration and IT staff.
5. Develop a security plan. Create a Security Plan with target dates for implementation.

Assign responsibilities and target dates for the plan. Then monitor progress with reports on improvements and security initiatives.

Listed below are suggested personnel to carry forward and implement a security plan. Before starting, feel free to look over the steps as well as the graph documenting the organization of the plan. The goal of the plan is to help you determine an appropriate level of security and plan to arrange suitable security for your departmental IT assets.

Responsibilities for a Departmental Security Plan

Inventory - IT Staff

Risk Assessment - Systems Administrator and Director/Dean/Administrator

Checklist - Systems Administrator

Evaluation - Systems Administrator provides report to Director/Dean/Administrator

Plan - IT Staff with approval of Director/Dean/Administrator