Published by: Einstein Augustine on May 04, 2012
Copyright: Attribution Non-commercial







ITRM Guideline SEC508-00 Effective Date: 04/18/2007
Information Technology Resource Management
Virginia Information Technologies Agency (VITA)
IT Risk Management Guideline ITRM Guideline SEC508-00 Effective Date: 04/18/2007
ITRM Publication Version Control
ITRM Publication Version Control: It is the user’s responsibility to ensure that he or she has the latest version of the ITRM publication. Questions should be directed to the Associate Director for Policy, Practice and Architecture (PPA) at VITA’s IT Investment and Enterprise Solutions (ITIES) Directorate. ITIES will issue a Change Notice Alert when the publication is revised. The Alert will be posted on the VITA Web site. An email announcement of the Alert will be sent to the Agency Information Technology Resources (AITRs) at all state agencies and institutions, as well as other parties PPA considers interested in the publication’s revision.
This chart contains a history of this ITRM publication’s revisions:
Version    Date         Purpose of Revision
Original   04/18/2007   Base Document
IT Contingency Planning Guideline ITRM Guideline SEC508-00 Effective Date 04/18/2007
 Publication Designation
ITRM Guideline SEC508-00
Information Technology Data Protection
Effective Date
April 18, 2007
Scheduled Review
One (1) year from effective date
Code of Virginia § 2.2-603(F) (Authority of Agency Directors)
Code of Virginia, §§ 2.2-2005 – 2.2-2032. (Creation of the Virginia Information Technologies Agency; “VITA;” Appointment of Chief Information Officer (CIO))
is offered as guidance to all Executive Branch State agencies and institutions of higher education (collectively referred to as “agency”) that manage, develop, purchase and use information technology (IT) resources in the Commonwealth.
To guide agencies in the implementation of the information technology contingency planning requirements defined by ITRM Standard SEC501-01.
General Responsibilities
(Italics indicate quote from the Code of Virginia)
Chief Information Officer
In accordance with Code of Virginia § 2.2-2009, the CIO is assigned the following duties: “the CIO shall direct the development of policies, procedures and standards for assessing security risks, determining the appropriate security measures and performing security audits of government databases and data communications. At a minimum, these policies, procedures, and standards shall address the scope of security audits and which public bodies are authorized to conduct security audits.”
Chief Information Security Officer
The CIO has designated the Chief Information Security Officer (CISO) to develop Information Security policies, procedures, and standards to protect the confidentiality, integrity and availability of the Commonwealth of Virginia’s IT systems and data.
IT Investment and Enterprise Solutions Directorate
In accordance with the Code of Virginia 2.2-2010, the CIO has assigned the IT Investment and Enterprise Solutions Directorate the following duties: Develop and adopt policies, standards, and guidelines for managing information technology by state agencies and institutions
All State Agencies
In accordance with § 2.2-603, § 2.2-2005, and § 2.2-2009 of the Code of Virginia, all Executive Branch State agencies are responsible for complying with all Commonwealth ITRM policies and standards, and considering Commonwealth ITRM guidelines issued by the CIO of the Commonwealth.
All Executive Branch State Agencies and institutions of higher education that manage, develop, purchase and use IT resources in the Commonwealth of Virginia (COV).
Agency Control - If an agency is the Data Owner of the data contained in a Government database, that agency controls the Government database.
- Business impact analysis – The process of determining the potential consequences of a disruption or degradation of business functions.
– An unanticipated event that causes a disruption of normal business.
