Introduction

Information Security Plan and Best Practice Solutions / Guidelines

In the hopes of establishing and maintaining a secure data environment, KCTCS has put together a security plan that includes a set of best practice solutions and guidelines for reference purposes. The security plan helps to serve the need for compliance with the Payment Card Industry Data Security Standard (PCI-DSS) and FIPS requirements. The security plan is not intended to replace any existing enterprise security policies.

Purpose

The Information Security Plan and best practice guidelines serve to establish the minimum information security practices for sensitive data computer resources and associated communication networks. Furthermore, this plan, with its included guidelines, is intended to give direction on sensitive data security practices that are designed to ensure confidentiality, integrity, and availability of corporate data.

Security Standards

The security solutions outlined in this document are designed to provide guidance for compliance with all National Institute of Standards and Technology (NIST) recommendations as defined in Special Publication 800-53.

NIST 800-53 REFERENCE PUBLICATION

Information Security Elements

Information security is defined as the protection of information in the sensitive data environment and its critical elements, including the people, systems, and hardware that store, use or process, and transmit that information. KCTCS uses a layered security model consisting of technical controls, education and awareness, and policies designed to ensure data confidentiality, integrity, and availability. These security principles are intended to give direction on accepted security practices for the sensitive data environment.