Florida State University
 
OTI Strategic Planning


Promote Institution-wide Privacy and Security

Critical Success Factors (CSFs)

  1. We will develop policies that clearly define the goals and objectives of privacy and security for the University.

  2. We will determine, develop and implement required user education and training.

  3. We will analyze the University’s structure to determine the correct personnel configuration to accomplish these critical success factors.

  4. We will perform a risk assessment and monitor the technology infrastructure to guard against intentional and unintentional privacy and security breaches.


Privacy and Security Projects

CSF 1 - A Campus-wide Information Technology Security Management Structure.

Strategies:

  • Establish an Executive Leadership Team (ELT) to help provide direction and policy guidance on campus-wide information technology security management issues.
  • Establish an information technology security workgroup(s) as staff to the ELT.
  • Establish an information technology security management position that is directly responsible for managing campus-wide information technology security matters and implementation of the ITSP.
  • Develop information technology security lines of authority to facilitate the overall management of campus-wide information technology security and implementation of the ITSP.
  • Develop an overall plan for implementing the ITSP.
  • Establish collaborative working and reporting relationships with other University entities related to information technology security issues.
  • Establish partnerships with other institutions of higher education and various state and federal entities, as needed and applicable.

CSF 1 - A Comprehensive, Campus-wide Information Technology Security Policy.

Strategies:

  • Conduct an assessment of existing policies, procedures, and related security standards.
  • Review state and federal laws, rules and related policy mandates for applicability, integration and compliance where required.
  • Review and integrate best security practices of leading higher education, government and private sector organizations. 
  • Develop a comprehensive information technology security policy with accompanying procedures that helps provide adequate safeguards to protect valuable University data and resources.
  • Obtain executive approval for the policy.
  • Present this policy to all University stakeholders for awareness and information.

CSF 2 - A Campus-wide Information Technology Security Awareness Program.

Strategies:

  • Promote awareness of security, privacy and critical infrastructure issues through information security orientations, presentations and training.
  • Research and publish Information Technology “Best Security Practices”.
  • Design and put up an integrated Information Technology Security Web site (http://www.security.fsu.edu) which provides all University stakeholders with useful, up-to-date information on related security matters and also provides links to other security-related sites, resources or references.

CSF 2 - A Roles-Based Information Technology Security Training Program.

Strategies:

  • Review the existing Computer Based Training (CBT) and related security training programs being offered by User Services, as well as the National Institute of Standards and Technology - Information Technology Security Training Requirements - for integration into a campus-wide computing security training program.
  • Develop a roles-based information technology security training curriculum.
  • Publicize the Computer Science Information Security Certification program.
  • Publicize the Computer Science Information Security Curriculum.

CSF 3 - A Risk Management Process and Guide for Use by All University Stakeholders.

Strategies:

  • Address the requirements and implementation of “data access controls” with the objective of limiting access to those who have a legitimate need for the data.
  • Describe requirements for backup and recovery of critical, sensitive or otherwise important resources.
  • Address the requirement for adequate “contingency plans” and their documentation to ensure continued operations of critical functions and/or the recovery of critical or sensitive data.
  • Require and document the campus policy and procedures for computer virus protection. Include desktops, networks, servers, etc. Describe responsibilities for updating programs and providing updates to signature files.
  • Document the importance and the requirements of departments and individuals for maintaining compliance with copyright/intellectual property/licensing and software piracy issues.
  • Work with Purchasing to establish the requirement that newly acquired systems have adequate security controls built into them.
  • Require adequate termination and transfer procedures for when staff, faculty and students change employment, status or location.