Scope
The scope of this project is to redesign a new Security Awareness page for the Information Security Office at UTEP in order to increase the number of visitors that visit the website.
The webpage was created because it is required by state law by the University of Texas System (Policy UTS165), as well as providing a service to the UTEP population by giving information to protect their computers from compromises. The web address for the old website is http://admin.utep.edu/securityawareness.
First, the University of Texas System is the head office for all of the Information Security Offices in Texas, and they are in charge of creating the related statutes, policies, requirements or standards for all Texas entities. An entity is described by the University Texas System as an academic teaching institution in The University of Texas System, UT System Administration, and UTIMCO. Their website address is http://www.utsystem.edu/POLICY/policies/uts165.html.
The University of Texas System Policy UTS165 states the following:
It is the policy of The University of Texas System (UT System) to:
1. Protect Information Resources based on risk against accidental or unauthorized access, disclosure, modification, or destruction and assure the availability, confidentiality, and integrity of Data;
2. Appropriately reduce the collection, use or disclosure of social security numbers contained in any medium, including paper records;
3. Apply appropriate physical and technical safeguards without creating unjustified obstacles to the conduct of the business and Research of the UT System and the provision of services to its many constituencies in compliance with applicable state and federal laws.
Second, by providing a service to the UTEP community, we could show that by not providing sufficient protection for their information assets and computers may expose their sensitive information to unwilling parties. If, for example, lists of social security numbers or student ID numbers are compromised at UTEP because the data was not protected by a faculty or staff member, it may cost the university roughly around $75,000 for one incident alone. This cost is due to replacing the old cards with the new ones through the Miner Gold Card Office, and taking time from the personnel who will be distributing the new cards to the students, as well as involving all system administrators and their time to also combine all the old ID numbers with the new ID numbers. Not to mention the integrity and confidence of the students would be lost in the UTEP system, and this would lead to a decrease in student enrollment because their data is not being protected.
Also, computers that are infected with viruses cost the university an average amount of $270,000 because PC support personnel need to be paid to go out and fix the computers that have been compromised.
6 full-time personnel for PC Support to go clean computer viruses (average salary $45,000) = $270,000).
People must be informed that by not having an anti-virus, anti-spyware program, it can lead to dangerous consequences. If a virus is not taken care of immediately, it may eventually lead to spyware or the computer may become inoperable.
Arlene spoke with Gerard D. Cochrane (Chief Information Security Officer for the Information Security Office at UTEP) to discuss what budget costs would be incurred when a Security Awareness web page needs to be created.
The budget costs include:
o Salary of the graphic designer who is in charge of designing the new web page.
Graphic designer - $45,000 (annually)
·
$45,000/50 work weeks in one year = $900/wk
$900/5 days per week = $180/day
$180/8 hrs per day = $22.50 per hour
$22.50 * 4 hours worked on designing web page = $90
o Salary of web applications developer who is in charge of making sure the html code is up to date and conduction the usability studies to see what kind of information UTEP population would like posted on the Awareness site.
Web applications Developer $55,000 (annually)
·
$55,000/50 work weeks in one year = $1100/wk
$1100/5 days per week = $220/day
$220/8 hrs per day = $27.50 per hour
$27.50 * 8 hours worked on designing web page = $220
o Salary of the security analyst who is in charge putting in the content for the webpage
Security analyst - $35,000 (annually)
·
$35,000/50 work weeks in one year = $700/wk
$700/5 days per week = $140/day
$140/8 hrs per day = $17.50 per hour
$17.50 * 4 hours worked on designing web page = $70
o Salary of the Chief Information Security Officer who is in charge of approving the project to have the webpage created and developed.
Chief Information Security Officer - $90,000 (annually)
·
$90,000/50 work weeks in one year = $1800/wk
$1800/5 days per week = $360/day
$360/8 hrs per day = $45.00 per hour
$45.00 *.5 hours worked on designing web page = $22.50
The total cost incurred for creating new Security Awareness page = $402.50
The university already has a server to allocate the space(s) so we can advertise and display the webpage because IT owns the servers. Only one person would be required to create this page. At the most two people but even then, they would divide the time to create the webpage.
The required participants are:
· System owner which is IT because they will be in charge of financing the salary of the security analyst.
· The project manager which is Arlene Padilla to make sure the project gets done and on time and within budget.
· The system designers are Daniel Chaidez and Maribel Mapula because they were in charge of getting the links for the webpage and other information posted,
· The system builder is Edna Mendez because she was in charge of creating the webpage with the information provided by Daniel and Maribel.