Policy (open access)
As established by the USG IT Handbook section 5.6, the level of security controls implemented on a system should be relative and proportionate to the level of risk associated with that system. This level of risk may be attributed to factors such as network topology, services and resources offered, type of information managed, and government mandated privacy protection policies including, but not limited to, HIPAA, PCI-DSS, and FERPA
Vice President of Information Technology
Chief Information Officer
"Security Standards for Information Systems" (2012). Information Technology Services. 16.