No computer or workstation is immune to compromise. University information and network assets are of significant value and protecting them is the responsibility of everyone handling these assets. Every department is expected to develop a security plan. The following steps and web pages will provide you with the guidance and information to determine your department's IT security risk level, evaluate your department's IT security strengths and weaknesses and develop an IT security plan for your department.

Departmental Security Guide

This guide is intended as a security-centric addendum to the OIT Guide to Information Technology for Academic and Administrative Units. There is also a good amount of information in the OIT Standards for Management of Computer Systems web page.

• What you need to know and should know to do before tackling information security for your department.

• Best practices for creating services and developing software securely.

• Proactive security systems and software packages which can be implemented to further secure your network.

• Make sure the keys to your equipment housing your information are protected with effective locks.

• Make sure that your work in implementing security does not go to waste and is instead watched and maintained.

Departmental Case Study

Given the security guide above, this case study examples a typical department. The department has two high profile Principle Investigators, has a tool which collects student information, and also has a small commerce site where they sell T-shirts. We'll step through the decision making process of determining what to implement and how to do it in order to appropriately reduce risk to the department.