IT Management – Overarching IT Policies/Standards/Guidelines

Risks, Vulnerabilities and Threats

  • Inconsistent or informal practices
  • Poor or nonexistent controls
  • Lack of understanding of what is expected

 

Control Objectives and Operational Goals

  • Formal and documented campus wide IT related policies and procedures in place and disseminated. Among the topics included should be the following:
    • Information Security including enterprise data, personal information and personal health information
    • Disaster recovery
    • Access controls such as password changes and defaults, remote access including encryption, telecommuting, wireless, etc
    • Operating system defaults and suggested hardening procedures
    • Incident Response