System and Communications Protection

The institution shall monitor, control, and protect communications (i.e., information transmitted or received by institutional systems) at the external and key internal boundaries of institutional digitalization systems.
The institution shall use architectural designs, software development techniques, and systems engineering principles that promote effective information security within institutional digitalization systems.

Objectives

Benefits

Scope

Network design

Network Implementation

Network Management

User devices

Precaution measures

Stolen computers

User responsibilities

Hardware acquisition, maintenance

Hardware disposal

Software applications

Data

Business Continuity (BC) and Disaster Recovery (DR)

User collaboration and email service

Password Policy

Email Accounts

System access and authorization

Security Policy and Procedures

Minimizing the exposure of systems to External Networks

Access Control

Implement network segmentation

Institution awareness and Training

Audit and Accountability

Configuration Management

Identity Management and Authentication

Incident Response

Maintenance

Media Protection

Personnel Security

Physical and Environmental Protection

Risk Assessment

System and Communications Protection

System and Information Integrity

Personally identifiable information (PII) Processing and Transparency

Contingency Planning

Supply Chain Risk Management

Passwords Protection

Assessment of the current situationge

Definition of the strategic target position

Definition of gaps

Establishing a roadmap to close the gaps.

Roles and responsibilities

Resources and Impact

Digitalization project initiation

Digitalization project documentation

Digitalization project implementation

Digitalization staff

Digitalization talent and capacity building

Challenge Definition

Ideation Stage

Prototyping

Testing Stage

Implementation

System and Communications Protection