Educause Security Discussion mailing list archives
Re: 3rd Party conducted Risk Assessment
From: "Hudson, Edward" <ewhudson () CSUCHICO EDU>
Date: Mon, 17 Aug 2009 11:57:04 -0700
As a former vendor I can say I think this isn't just a good idea, it's a "must do" in order to differentiate between those who say they can, and those who can really deliver what you ask for. No one better than current customers to separate the wheat from the chaff. No vendor worth their salt should hesitate a moment in providing you references aligned with your particular needs. I.E. risk assessment in higher edu. Don't settle for a reference from another industry. <my .02> Ed Hudson, CISM Information Security Office California State University, Chico www.csuchico.edu/ires/security Office: (530) 898-6307 Cell: 707-799-3250 ewhudson () csuchico edu -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Myers, Julie Sent: Monday, August 17, 2009 11:23 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] 3rd Party conducted Risk Assessment We have been considering engaging a consultant to conduct a University wide Risk Assessment. We are currently the process of collecting reference from these vendors. I was wondering if any of you have gone down this path and your perception on the value add of doing so. Thank you, Julie Myers Chief Information Security Officer University of Rochester - University IT julie.myers () rochester edu p: 585.273.1804 c: 585.208.0939 P Think twice before you print CONFIDENTIALITY: This email (including any attachments) may contain confidential, proprietary and privileged information, and unauthorized disclosure or use is prohibited. If you received this email in error, please notify the sender and delete this email from your system. Thank you.
Current thread:
- 3rd Party conducted Risk Assessment Myers, Julie (Aug 17)
- <Possible follow-ups>
- Re: 3rd Party conducted Risk Assessment Kathy Bergsma (Aug 17)
- Re: 3rd Party conducted Risk Assessment Todd Britton (Aug 17)
- Re: 3rd Party conducted Risk Assessment Hudson, Edward (Aug 17)
- Re: 3rd Party conducted Risk Assessment Hugh Burley (Aug 17)