Educause Security Discussion mailing list archives

Re: Application Risk Assessment/Questionnaire??


From: Joshua Beeman <jbeeman () ISC UPENN EDU>
Date: Tue, 16 Nov 2010 09:41:56 -0500

Hi Connie,

Penn's Security and Privacy Impact Assessment (SPIA) process is designed to assess risks associated with University 
systems that house confidential, personal or proprietary data in a way that is not unnecessarily complex or burdensome:

http://www.upenn.edu/computing/security/spia/index.php

The SPIA risk assessment tool may not have the application-specific focus that you need, and is not intended to be as 
exhaustive a list of controls as, say, NIST 800-53, but it may provide an accessible starting point.

Hope this helps and good luck,

Josh

--
Joshua Beeman
University Information Security Officer
University of Pennsylvania / ISC
3401 Walnut Street, Suite 230A
215-746-7077 / jbeeman () isc upenn edu



On 11/15/10 7:25 PM, "Connie Sadler" <csadler11 () GMAIL COM> wrote:


Does anyone have a simple application assessment/checklist for security that
they would be willing to share? I'm interested in having every department
application/business owner perform an annual assessment of the basic things
they should be doing - without getting too complex.

Thanks!
