Educause Security Discussion mailing list archives
Re: Risk Assessments
From: Tim Lane <tlane () SCU EDU AU>
Date: Tue, 16 Nov 2004 23:51:13 +1100
Brandon,

similar to Michael's comments, we are looking at contracting external consultants to perform an audit containing four sections:

1) Network vulnerability assessment
2) Internet facing Web services assessment
3) Corporate systems assessment
4) practices, policy, procedural assessment

Although I am aware of some good tools which form checklists for an audit in relation to compliance (for example one I have which has been meshed together from various documents for 17799), and another one I am aware of from the Security Task Force, it seems to me your major choices are either in house RA or external.

If you have to do this internal, the things I would be considering are 1) Does it include a technical vulnerability test and 2) what standard or framework are you measuring against for compliance assessment, and 3) how well scoped is the RA. These are the things that were issues/considerations for us.

Tim

At 10:46 AM 16/11/2004 -0500, you wrote:
Hello to the List!

I am currently in the process of developing a formal and complete risk assessment for our organization. I wanted to find out if anyone else has gone through this, what tools and methods did you use, how long did it take, what were your results, and anything else that you might like to share about this. Does anyone have any thoughts on performing annual risk assessments?

Thanks to all!

Brandon Alt
Information Security Manager
Technology Division
Duval County Public Schools
altb () educationcentral org

********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.

Tim Lane
Information Security Program Manager
Information Technology and Telecommunication Services
Southern Cross University
PO Box 157 Lismore NSW 2480
Ph: 61 2 6620 3290
Fax: 61 2 6620 3033
Email: tlane () scu edu au
http://www.scu.edu.au