Securing Processes

Any security solution composes of People, Technologies, and Processes.  This section will discuss how IT Security could help business processes to be secure-by-design.

Security-By-Design Approach

  1. Define the objectives and/or outcome of a business process.
  2. Understand the current workflow and data flow.
  3. Define the future workflow and data flow.
  4. Identify the risks associated with the workflow and data flow.
  5. Set up controls along the workflow to mitigate various levels of risks.
    • Safety and Physical Security Risks
    • Legal, Contractual, and Regulatory Compliance Risks
    • Access Control Risks
    • Functional and Operational Risks
    • Data Security Risks (including data integrity, confidentiality, and data exchange, etc.)
    • Financial Risks
    • Reputational Risks

Securing Processes and Information Security Programs

California State University defines the Information Security Policy and Standards to guide the security controls for business processes and operations.  Information Security Programs are established at Cal State LA to meet the compliance requirements of the data security standards.

  • Notify the campus of the data security standard.


  • Identify the campus constituents who must participate in the program.
  • Outline compliance requirements of the data security standard.


  • Define the campus-specific steps that constituents must follow to comply with the data security standard.
  • Assign administrative responsibility for the program.


  • Inform constituents of all required self-assessments, tests, reports, questionnaires, certifications, and the like that may be required on an annual or semi-annual basis.