Information Technology Services

Strategic Plan | Security

goals, objectives, action items

GOAL I Advance the Boston College information security infrastructure and management practices using industry standards (ISO27002) in support of the specific needs of the University.
  1. Position Boston College as a leader in security education and awareness as a means of minimizing the associated risks to the University community.
  • Design and implement an ongoing data security awareness campaign for all levels of the University community.
  • Continue focus on mandatory data security training while introducing additional content as appropriate.
  • Ensure compliance with the Data Security policy via training or awareness.
  2. Strengthen the overall data security posture by enhancing Boston College business practices to ensure consistent data security practices are in place throughout the community.
  • Create end user environments that encourage safe storage of data, including a review of elements that could be automated.
  • Improve the granularity of user roles so additional security layers for oversight and prevention can be introduced for those who access sensitive data.
  • Define which physical assets that access University data should be managed, and implement automated tools to manage the defined devices.
  • Develop ITS security checklists that outline best practices and allow self-certification on a regular basis as a means of ongoing risk mitigation.
  3. Refine the implementation of the governance model outlined in the University Data Security Policy to improve data security at Boston College.
  • Classify University Data in accordance with the Data Security Policy.
  • Reassess the roles and compliance requirements defined in the Data Security Policy and propose practical recommendations for the operating environment.
  • Encourage compliance with the Data Security Policy.


GOAL II Provide technologies and processes that facilitate adoption of security initiatives.
  1. Provide a clear articulation of the security architecture.
  • Document and communicate security architecture roadmap.
  2. Develop a culture of security awareness at all levels within the community.
  • Design and implement security awareness and education programs across the campus.
  3. Continue to operationalize security functions as appropriate.
  • Develop procedures to facilitate decentralization of security operations (e.g. EPO).