Educause Security Discussion mailing list archives
Security Reviews for New Systems / Services
From: Chris Kidd <chris.kidd () UTAH EDU>
Date: Tue, 24 Jan 2012 18:05:05 +0000
I'm wondering how organizations have a requirement that all new IT systems/services undergo a security review prior to purchase or implementation. By security review, I mean architecture, risk and control assessments, etc. as well as the use of tools like vulnerability scanners. If you've implemented a review, would you mind sharing your policy and any thoughts on implementation (resourcing, scope, lessons learned)? Thanks, Chris Chris Kidd Chief Information Security Officer University of Utah
Current thread:
- Security Reviews for New Systems / Services Chris Kidd (Jan 24)
- Re: Security Reviews for New Systems / Services Alexander Kurt Keller (Jan 24)
- Re: Security Reviews for New Systems / Services David Seidl (Jan 25)