Creating UF IT Security and Compliance
Goals and Objectives
Implement the ITAP recommendation to create a single IT Security and Compliance group at the University of Florida, reporting to the CIO, supporting the University in its efforts to protect the information and computing assets that are owned, operated and used by UF.
IT Security and Compliance must have clear scope, authority, accountability and responsibilities. Its organization, reporting structure and resources must be appropriate for the work to be done. It must achieve a transformation of current practice without harming on-going security activities, and in accordance with UF IT principles.
Deliverables
- Clearly identified organizational structure, roles, responsibilities, and accountability for IT Security and Compliance and for all UF offices with respect to securing IT assets.
- One comprehensive and appropriately scoped set of UF-wide security policies, standards, procedures and guidelines.
- A clearly defined set of services provided by IT Security and Compliance along with procedures and resources for providing them.
- An on-going, transparent process for discussion of IT security and compliance with UF leadership, faculty, staff, students and partners.
- Governance processes with well defined input and decision domains.
- Policies and procedures regarding compliance with the program.
- An IT Security and Compliance training and education program that reaches the entire UF community.
Project Sponsor
- Dr. Bernie Machen
Impact
The creation of IT Security and Compliance will improve UF's security posture by making securing IT assets of the University routine. Significant changes in UF's operations are expected across the university to improve UF's security posture.
Timeline
A plan for creating IT Security and Compliance will be completed by May 31, 2009. It is anticipated that the work to create the IT Security and Compliance group will be completed by March 31, 2010.
