Educause Security Discussion mailing list archives
Re: Survey on Survey / Technical Difficulties / Walking the Talk / Managing Risk
From: Jim Moore <jhmfa () CIS RIT EDU>
Date: Wed, 7 Aug 2002 13:33:05 -0400
Hello there. Impatient me here.

I sent out a survey on Friday, on the use of security baselines, standards, tools, awareness, and incident handling. I figured that it was a good use of what the University InfoSec Professionals mailing list was for, as well as the Educause Security mailing list. But so far, I have only gotten responses from Univ of Wisconsin (Madison), Columbia, and one other that asked for strict confidentiality.

This could be for several reasons.

1) There was technical difficulty at our end, with the mailer. It has had some problems recently, at the worst times. (Murphy's Law) During this survey was one of them. To address this, I have a different mailer at our end. If you mailed a response to me previously, and are not one of the above 3, please mail it again. Please use the new address jhmfa () cis rit edu.

2) You have an aversion to surveys. I do too. But this one is important. I think that you will see why. In fact, if someone wants to work with me to develop this into say, an annual survey, that would be great.

3) We as information assurance professionals, who talk about communicating and networking as well as the hackers, don't believe it. Or our lawyers don't believe it.

> So I add a question, is the reason that you didn't respond to the
> survey because of fear of risks, or liability?
> Are there other risk management concerns that would prevent you from
> participating?

4) You are busy, and haven't gotten around to it. If so, please do it within the next week, and reply to this version to take the possibility of technical difficulties out of the way.

Thanks
Jim

- - - - Original Survey - - - -

< Confidentiality / Privacy of Information Supplied Questions moved to the End of the Survey >

I would like to find out the following:

1) Do you have baselines or standards for the configuration of operating systems security features?

   If yes, is it a standard or a baseline?
   When did you start your development efforts?
   Are you willing to share them (with attribution)? A URL? (Attachments?)

   If yes, for which operating systems
      Windows 95/98/ME
      Windows NT
      Windows 2000
      Windows XP
      Linux
         Do you differentiate between versions of Linux?
            Redhat
            Slackware
            Debian
            Caldera
            Corel
      Apple
         OS9.x
         OS X
      Solaris
         7
         8
         9
      Other

Do you have other security related standards/baselines? (URLs if you are willing to share)
   Firewalls
   IDS
   Web server configuration
   Mail server/relay configuration
   Wireless networking

If you don't have standards or baselines, do you offer configuration guidelines to your campus?

Do you offer the SANS Step By Step guides?
   Windows 2000
   Solaris

Do you offer security tools?
   Anti-Virus
   Personal Firewall
   Other

Which of the tools that you supply, do you support?

My last question is not related to configuration but incident handling.

Do you have an incident handling procedure documented?
Is it tied to a policy or standards?
Is it implemented with tools?

- Confidentiality of Survey questions -

Do you want to respond but have the information kept absolutely confidential?
Do you want survey information de-identified?
If you supply URLs or attachments that are public information, do you also want those references removed?
Are you willing to have this published in RIT documentation (as references)?
Do you want the summary of this published back to this list?

Thanks for your time!!!
Jim

--
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
Telephone: (585)475-5406
Fax: (585)475-7950
Cell: (585)233-3802
PGP (jimmoore () mail rit edu): 9C33 0328 CD59 B602 82B8 8521 0DC9 963C D0C0

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/memdir/cg/.