ISO Initiatives

The ISO is responsible for the identification, planning, and execution of projects and initiatives related to the improving the Institute's information security posture. The following projects are currently underway or projected for completion within the current fiscal year, July 2013 to June 2014. Please contact the ISO at infosecurity@wit.edu for any comments, questions, or concerns regarding these initiatives.

ISO Website Redesign

Status: In Production

The ISO website has been updated to provide useful information and resources to better inform the Wentworth community on matters related to information security. This will be an ongoing effort to keep the information and training materials relevant and pertinent to today's information security and data privacy topics and concerns.

Information Security Training and Awareness

Status: Planning Phase

To ensure that the Institute remains compliant with federal and state regulations, industry standards, and institutional policy, the ISO will provide up-to-date information security training and awareness materials. These materials will be provided to all students, faculty, and staff through various means to better equip them with safeguarding institutional information resources, as well as their own data and information systems. This will be an ongoing effort as compliance requirements and the very nature of the topics of data privacy and security are constantly evolving.

Information Security Governance

Status: In Development

Information security is not the sole responsibility of one person or one department. The entire Wentworth community shares this responsibility and it is the goal of the ISO to ensure that the polices, standards, and controls put in place to safeguard the Institute's information resources are formed and chosen by representatives of the community.

Governance over the Institute's Written Information Security Program will recommence under a new committee in September 2013 and will meet on a regular basis to continually evaluate the effectiveness of the current strategy and make changes to addresses any potential gaps.

Incident & Continuity Management

Status: In Development

This project involves the updating of the current incident, contingency, and continuity plans that serve to address how we handle information security incidents, disruptions, and disasters. This project will go into production with plans that will serve to equip the persons responsible for the Institute's data and information systems with effective plans to mitigate the affects of such events.

Change Management

Status: In Development

The ever-changing and continuously evolving nature of information technology requires that information systems are constantly updating and upgrading to ensure they are capable of meeting the new requirements and needs of its consumers. This ever-changing nature presents risks and management challenges that require a systematic and structured approach to implementing these changes. To address and mitigate the potential risks that the Institute could face with when performing changes to the information systems and information technology services portfolio that it depends on, a formal change management process is currently under development within DTS. The ISO is leading the initiative at this stage.

Data Management

Status: In Development

The purpose of this project is to establish a set of classification standards for institutional data and information systems. The outcomes will be include standards to:

  • classify data;
  • classify information systems by criticality; and
  • establish data handling, storage and destruction.

Information Security Policy Management

Status: In Development

Policies, standards, and guides will be utilized as the governing documents for developing, implementing, and auditing information security controls and safeguards. A project is underway to identify and determine the currency and applicability of current policies, as well as develop new policies for areas not currently covered.

Risk Management

Status: In Production / Planning Phase for Improvements

Currently, the ISO has utilized a risk-based approach to identify and develop the current information security improvement plan. As the Institute's information security posture matures, so will the risk management process itself. Improvements to the current process are under review to identify potential areas for improvement.

Identity & Access Management

Status: In Production / Planning Phase for Improvements

Identity and access management are vital to the success of any information security initiative. The current tools and practices are under review for systematic improvements and expansion. A major goal for this project is to improve the integration and centralization of all systems for authentication and authorization purposes. This will go far to improve the overall information security posture of the Institute.

Configuration Management

Status: Planning Phase

DTS centrally manages a multitude of servers, desktops, and laptops and other computing and networking devices utilized throughout the Institute. An effort to improve the management for each configuration will be undertaken to improve security and efficiency for both change and service management.

© Wentworth Institute of Technology   |   550 Huntington Avenue   |   Boston, MA 02115   |   617-989-4590