Any security solution is composed of People, Technologies, and Processes. This section discusses how IT Security can help business processes be secure by design.
Security-By-Design Approach
- Define the objectives and/or outcome of a business process.
- Understand the current workflow and data flow.
- Define the future workflow and data flow.
- Identify the risks associated with the workflow and data flow.
- Set up controls along the workflow to mitigate various levels of risks.
- Safety and Physical Security Risks
- Legal, Contractual, and Regulatory Compliance Risks
- Access Control Risks
- Functional and Operational Risks
- Data Security Risks (including data integrity, confidentiality, and data exchange)
- Financial Risks
- Reputational Risks
Securing Processes and Information Security Programs
California State University defines the Information Security Policy and Standards to guide the security controls for business processes and operations. Information Security Programs are established at Cal State LA to meet the compliance requirements of the data security standards.
- Notify the campus of the data security standard.
- Identify the campus constituents who must participate in the program.
- Outline compliance requirements of the data security standard.
- Define the campus-specific steps that constituents must follow to comply with the data security standard.
- Assign administrative responsibility for the program.
- Inform constituents of all self-assessments, tests, reports, questionnaires, certifications, and the like that may be required on an annual or semi-annual basis.
Cal State LA Information Security Programs
- CSU Information Security Policy and Standards
- CSU Information Security Privacy of Personal Information Policy
- CSU Information Security Responsible Use Policy
- Cal State LA Campus Security Standards and Guidelines
- Information Security Governance Reviews (Under Construction)
- Information Security Assessments
- Information Security Exception Reviews and Approvals
- Cyber Security Incident Response
- Cal State LA Password Policy
- Data Classification
- Data Encryption
- Data Discovery (Spirion)