Introduction




Jing Wu, being the director of computing and information services has to deal with the trouble of making sure that all security requirements are meet in her department. Her responsibilities include maintaining security of the all the departmental level systems. She is in charge of implementation, management and technical support of all systems in the anthropology department.

Jing often feels that there is a lack of resources for security compliance and wishes there was an easy description of what needs to be done. She is the only person responsible for overall security in the anthropology department and her responsibilities leave her overburdened on many days. The faculty members in the anthropology department often want administrator rights to their system, and Jing finds it challenging to explain their exact responsibilities to them.

She took prints of almost a dozen policy documents and thought that she would read them over the weekend and figure out what controls are applicable to the systems in her department.But those documents were amazingly complicated for her to understand and left her totally furstrated.

She wishes that there was some kind of framework or checklist that would point her to security best practices and make her work less complicated. Even better would be to have guidance on writing a security plan for the highly restricted data that her department deals with.