We (*) do not know enough about Your environment to give a 100% complete guideline on how to implement CICS security or to change something in Your current setup ;
from Your question I guess it is not implemented at all, there are many tasks and lot of testing to be carried on in order to do it.
To help You we (*) should read and summarize for You the relevant CICS manuals
start looking at the manual :
CICS RACF Security Guide
P.S. (*) stands for "I and the other forum participants"