Skip to main content

Secondary navigation:

Information Technology Services

Strategic Plan | Security

goals, objectives, action items

GOAL I Advance Boston College's information security infrastructure and management practices using industry standards (ISO27002) in support of the specifics needs of the University.
  1. Position Boston College as a leader in security education and awareness as a means of minimizing the associated risks to the University community.
  • Design and implement ongoing data security awareness campaigns for all levels of the University community that:
    • address current and potential risks and compliance issues
    • reflect outside research and best practices
    • are informed by community input and feedback
  1. Strengthen the overall data security posture by enhancing Boston College business practices to ensure consistent data security practices are in place throughout the community.
  • Create environments that encourage safe storage of data, including automating safe storage where appropriate.
  • In conjunction with the data classification (see Security Goal I, Objective 3) and IAM (see Infrastructure Goal I, Objective 1) action items, review user roles to determine if additional oversight and prevention can be provided for those with access to sensitive data.
  • Develop ITS security checklists that outline best practices and allow self-certification as a means of ongoing risk mitigation.
  1. Refine the implementation of the governance model outlined in the University Data Security Policy to improve data security at Boston College.
  • Classify University data in accordance with the University Data Security Policy.
  • Create user-friendly processes and tools for general data classification purposes.
  • Reassess the roles and compliance requirements defined in the University Data Security Policy and propose practical recommendations for the operating environment.
  • Effectively communicate the refined University Data Security Policy.
  1. Provide technologies and processes that facilitate adoption of security initiatives.
  • Provide a clear articulation of the security architecture and direction to ensure a common understanding and application of University security initiatives.
  • Document and communicate the security architecture roadmap.