The security program for Blue Bookstore will be aligned to protect and ensure proper functioning of all of its core and supplemental lines of businesses. Constantly evolving technology entails new threats and, consequently, an increase in the risks associated with automation. An enterprise-wide understanding of the responsibilities, threats and risks should be created to take adequate security measures, establish security organization and instill the security culture in our Bookstore.

Program Scope

• All the critical business information and Information Systems possessed by or used by a business unit within Blue Bookstore must have a designated owner. This would encompass all of our core and supplemental lines of business (Books, Merchandise, Food, Electronics).

• Information owners from each of our lines of business are responsible for assigning appropriate sensitivity classifications (Restricted, Confidential, Internal and Public), authorizing access to their information, assigning an information custodian including any additional protection requirements above the minimum required.

Program Goals

Information Technology supports, manage, and maintain much of the information used at Blue Bookstore thus Information must be appropriately protected to assure its confidentiality, integrity, and availability.

• As new information systems are developed or acquired, the information owner from each line of business is responsible for defining the protection requirements for the systems managing his/her information.

• The data owner may delegate the authority for making these decisions to others in his/her department, but may not delegate the responsibility.

• These requirements include, but are not limited to, access control and management, data retention and destruction, backup requirements, and disaster recovery parameters.