ISO Initiatives

The ISO is responsible for the identification, planning, and execution of projects and initiatives related to the improving the Institute's information security posture. The following projects are currently underway or projected for completion by the end of the June 2016. Please contact the ISO at for any comments, questions, or concerns regarding these initiatives.

ISO Website Redesign

Status: COMPLETED - In Production

The ISO website has been updated to provide useful information and resources to better inform the Wentworth community on matters related to information security. This will be an ongoing effort to keep the information and training materials relevant and pertinent to today's information security and data privacy topics and concerns.

Risk Management

Status: COMPLETED - In Production

Currently, the ISO has utilized a risk-based approach to identify and develop the current information security improvement plan. As the Institute's information security posture matures, so will the risk management process itself. Improvements to the current process are under review to identify potential areas for improvement. This project has transitioned into production as an active service offered by the ISO.

Information Security Governance

Status: COMPLETED - In Production

Information security is not the sole responsibility of one person or one department. The entire Wentworth community shares this responsibility and it is the goal of the ISO to ensure that the polices, standards, and controls put in place to safeguard the Institute's information resources are formed and chosen by representatives of the community.

Governance over the Institute's Written Information Security Program has been in effect since September 2013 and will meet on a regular basis to continually evaluate the effectiveness of the current strategy and make changes to addresses any potential gaps. This new governance group, the Information Security Compliance Committee represents over 18 administrative and academic departments throughout the Institute and works together to provide oversight and guidance to the Institute's Information Security Program.

Incident & Continuity Management

Status: COMPLETED - In Production

This project involved the updating of the current incident, contingency, and continuity plans that serve to address how we handle information security incidents, disruptions, and disasters. The project has transitioned into production with plans that will serve to equip the persons responsible for the Institute's data and information systems with effective plans to mitigate the affects of such events.

Under the governance of the Incident and Contingency Planning Committee, comprised of Technology Services leadership and system administrators, these plans will undergo routine testing and maintenance to ensure that future information security incidents, disruptions, and disasters are responded to and handled in the more efficient and effective manner.

Information Security Training and Awareness

Status: Pre-deployment (Launch scheduled for October 2014)

To ensure that the Institute remains compliant with federal and state regulations, industry standards, and institutional policy, the ISO will provide up-to-date information security training and awareness materials. These materials will be provided to all students, faculty, and staff through various means to better equip them with safeguarding institutional information resources, as well as their own data and information systems. This will be an ongoing effort as compliance requirements and the very nature of the topics of data privacy and security are constantly evolving.

Although this will be an ongoing effort that will be continually updated to meet the changing needs, a comprehensive Information Security & Compliance Training Program will launch in October 2014. This project will result with a set of video training modules that will cover various information security topics and pertinent information on various regulations and standards. Visit our Training page for more information.

Change Management

Status: COMPLETED - In Production

The ever-changing and continuously evolving nature of information technology requires that information systems are constantly updating and upgrading to ensure they are capable of meeting the new requirements and needs of its consumers. This ever-changing nature presents risks and management challenges that require a systematic and structured approach to implementing these changes. To address and mitigate the potential risks that the Institute could face with when performing changes to the information systems and information technology services portfolio that it depends on, a formal change management process is currently being utilized by Technology Services and is managed by the Technology Services Change Advisory Board (CAB). 

Data Management

Status: Pre-deployment (Policy and standard under review)

The purpose of this project is to establish a set of classification standards for institutional data and information systems. The outcomes will be include standards to:

  • establish data governance roles and responsibilities;
  • classify data;
  • classify information systems by criticality; and
  • establish data handling, storage and destruction.

Information Security Policy Management

Status: In Progress 

Policies, standards, and guides will be utilized as the governing documents for developing, implementing, and auditing information security controls and safeguards. The project to identify and determine the currency and applicability of current policies, as well as develop new policies for areas not currently covered, has been completed and the revised policies are currently under review by the ISCC and Institute Policy Committee.

New and revised policies completed include:

  • Written Information Security Program (WISP) - 2013 update replaced 2010 edition
  • Acceptable Use Policy - will replace Responsible Use Policy
  • Clean Desk Policy - new policy submitted for approval

Identity & Access Management

Status: Scheduled to begin in Fall 2014

Identity and access management are vital to the success of any information security initiative. The current tools and practices are under review for systematic improvements and expansion. A major goal for this project is to improve the integration and centralization of all systems for authentication and authorization purposes. This will go far to improve the overall information security posture of the Institute.

Network Access Control

Status: Phase 1 Complete, Phase 2 scheduled for Fall 2014

Technology Services is currently in the process of deploying network access control (NAC) appliances that will improve the overall security of the Institute's campus network. This project will be implemented in multiple phases, starting with the LeopardGuest and LeopardSecure wireless networks. More information on this project can be found on the NAC project page.

© Wentworth Institute of Technology   |   550 Huntington Avenue   |   Boston, MA 02115   |   617-989-4590