OIT Security Planner

Vectors: The OIT Security Planner

“Each Campus and institute is responsible for creating, approving, maintaining, and implementing an information security plan based on the National Institute of Standards and Technology (NIST) Risk Management Framework.”

-UT System Policy IT0121

About this Application

Vectors is an application designed to assist in the creation of security plans at the campus, unit, and system levels of the University of Tennessee, Knoxville.

See Information Security Policies and Procedures for more information.

Below is a word cloud showing the many kinds of subjects covered in a security plan. Security plans are created to help protect against a wide range of attack vectors.

This application leads a team through creating a security plan together by responding to one security subject (or Control) at a time. A control is any methodology we implement to control and protect our environment. For this security plan exercise, we’ve selected some of the most relevant standard controls provided by the National Institute of Standards and Technology(NIST).

Contributors to the plan are given contextual help describing the controls people typically implement to improve security in our kind of environment. Contributors can then give their “Control Response” explaining how they currently handle each kind of security within their Campus, Unit, or System.

Some of the security measures will be things we have implemented and others will not. That’s ok. Learning where we are is the main goal.

When responses have been collected for all the controls, a security plan is completed by having people sign off on the plan and thereby acknowledge that the information is accurate to the best of their knowledge.

Security plan information can then be used in reports which help not only in audits, but in planning our defenses against vulnerable vectors of attack.

If you are a contributor, thank you.