Educause Security Discussion mailing list archives
Re: Application Risk Assessment/Questionnaire??
From: Joshua Beeman <jbeeman () ISC UPENN EDU>
Date: Tue, 16 Nov 2010 09:41:56 -0500
Hi Connie,

Penn's Security and Privacy Impact Assessment (SPIA) process is designed to assess risks associated with University systems that house confidential, personal or proprietary data in a way that is not unnecessarily complex or burdensome:

http://www.upenn.edu/computing/security/spia/index.php

The SPIA risk assessment tool may not have the application-specific focus that you need, and is not intended to be as exhaustive a list of controls as, say, NIST 800-53, but it may provide an accessible starting point.

Hope this helps and good luck,
Josh

--
Joshua Beeman
University Information Security Officer
University of Pennsylvania / ISC
3401 Walnut Street, Suite 230A
215-746-7077 / jbeeman () isc upenn edu

On 11/15/10 7:25 PM, "Connie Sadler" <csadler11 () GMAIL COM> wrote:
Does anyone have a simple application assessment/checklist for security that they would be willing to share? I'm interested in having every department application/business owner perform an annual assessment of the basic things they should be doing - without getting too complex. Thanks!
Current thread:
- Application Risk Assessment/Questionnaire?? Connie Sadler (Nov 15)
- Re: Application Risk Assessment/Questionnaire?? Ozzie Paez (Nov 15)
- Re: Application Risk Assessment/Questionnaire?? Joshua Beeman (Nov 16)
- Re: Application Risk Assessment/Questionnaire?? Valerie Vogel (Nov 16)