Developing an enterprise information security policy

Authors:
Jinx P. Walton
Affiliations:
University of Pittsburgh, Pittsburgh, PA
Venue:
SIGUCCS '02 Proceedings of the 30th annual ACM SIGUCCS conference on User services
Year:
2002

Citing 0
Cited 9

Balancing confidentiality and efficiency in untrusted relational DBMSs

Proceedings of the 10th ACM conference on Computer and communications security
Modeling and assessing inference exposure in encrypted databases

ACM Transactions on Information and System Security (TISSEC)
An experience of monitoring university network security using a commercial service and DIY monitoring

Proceedings of the 34th annual ACM SIGUCCS fall conference: expanding the boundaries
Strategic planning for the computer science security of banking organizations, companies and government

CEA'08 Proceedings of the 2nd WSEAS International Conference on Computer Engineering and Applications
Strategic planning for the computer science security

WSEAS Transactions on Computers
A systematic review of security requirements engineering

Computer Standards & Interfaces
Semi-formal transformation of secure business processes into analysis class and use case models: An MDA approach

Information and Software Technology
Applying a security requirements engineering process

ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
A comparative study of proposals for establishing security requirements for the development of secure information systems

ICCSA'06 Proceedings of the 2006 international conference on Computational Science and Its Applications - Volume Part III

Quantified Score

Hi-index	0.00

Visualization

Abstract

The University of Pittsburgh is at the midpoint of a three-year strategic plan focused on information technology. Our strategic direction is based on a tiered model consisting of these layers: network infrastructure, middleware, Web infrastructure, and the set of applications and services that can be provided to our user community. As applications and services become increasingly more complex, there is a greater potential for security breaches that must be adequately addressed.The ability for students and faculty to share data and collaborate on projects is of utmost importance to any higher education institution. A large, multidisciplinary institution such as the University of Pittsburgh must be able to find an effective balance between the need to provide people in the local, national, and international communities with access to information and the need to protect sensitive information from unauthorized access and misuse.The subject of information security has received a great deal of attention within academia before and after the events of September 11, 2001. Federal regulations such as the HIPAA legislation protecting patient data, the USA PATRIOT Act, and the Digital Millennium Copyright Act all have significant impact. The complexities involved in developing adequate security plans have resulted in the development of the ISO 17799 standard, used widely in security plan development.A University-wide security plan is under development that, when completed, will address security at all levels. This comprehensive security plan will cover policies, business practice changes, and user awareness concerns. This presentation focuses on the process that is underway to identify security issues and to design and implement a comprehensive security plan that maintains an open academic environment and fully addresses relevant legislation and best practice models.