18 Month Information Technology Security Audit Response


Quick View
Summary: 

Complete full set of documentation for the 18-month Information Technology Security Audit. Coordinate and ensure completion of response items identified in the Auditor General's 12-month Information Technology Security Audit.

Start Date: September 28, 2009
Go Live: December 31, 2009
End Date: January 29, 2010
Current Milestone: 11/25/2009 - Documentation Approved
Stage: On track
People
Sponsor/Champion: Adrian Sannier, Vice President and University Technology Officer
Project Manager: Noel Lindner
Associate VP University Technology: Tina Thorstenson
More Info
Source: Executive
Department: UTO
Priority: High
Scope: 
  1. Captures and compiles output from related projects and tasks
    1. Projects
      1. ASU General Security Training – 18 Month Audit Requirement
      2. ASU Web Developer Security Training – 18 Month Audit Requirement
      3. ASU Web Infrastructure Scanning – 18 Month Audit Requirement
    2. Tasks (not defined as projects)
      1. Document and publish the process for communicating urgent updates and security-related patches to Web systems administrators and ensuring that enterprise and distributed systems are updated or mitigated accordingly
        1. Include operating systems, database software, and common application middleware
        2. Specify time frame for enterprise systems
        3. Recommend time frame for distributed systems
        4. Specify a process for handling waivers if necessary
        5. Publish on getprotected.asu.edu
        6. Draft executive communication (Adrian or higher to UTC)
        7. Draft technical staff communication (IS Office to TAG)
      2. Generalize from existing risk assessment reports to document the procedure for conducting future risk assessments
      3. Working with Audit & Advisory Services
        Details TBD
      4. Ensures related projects are on track, reports to management on their status as required, and assists with any obstacles to completion.
      5. Communicates with the Auditor General's office on requirements as necessary.
      6. Serves as a clearinghouse for tasks common to related projects/tasks; e.g., executive messages, campus communication strategies, approval and publication of standards and guidelines defined in each project.
        Specifies any additional output required from related projects/tasks in accordance with feedback from the Auditor General's office.
      7. No university policies are to be created within this project.
Deliverables: 
  1. Written summary in response to each point of the 18-month requirements
  2. Documented approval of standards, guidelines and procedures generated as output from related projects and tasks
  3. Publication and communication of standards, guidelines and procedures generated as output from related projects and tasks
  4. Updated binders containing
    1. AG requirements
    2. Response summaries
    3. Supporting documentation