Educause Security Discussion mailing list archives

Re: Risk Assessments


From: Tim Lane <tlane () SCU EDU AU>
Date: Tue, 16 Nov 2004 23:51:13 +1100

Brandon,

Similar to Michael's comments, we are looking at contracting external
consultants to perform an audit containing four sections:

1) Network vulnerability assessment
2) Internet-facing Web services assessment
3) Corporate systems assessment
4) Practices, policy, procedural assessment

Although I am aware of some good tools which form checklists for an audit
in relation to compliance (for example, one I have which has been meshed
together from various documents for 17799, and another one I am aware of
from the Security Task Force), it seems to me your major choices are either
in-house RA or external. If you have to do this internally, the things I
would be considering are 1) does it include a technical vulnerability
test, 2) what standard or framework are you measuring against for
compliance assessment, and 3) how well scoped is the RA. These are the
things that were issues/considerations for us.

Tim





At 10:46 AM 16/11/2004 -0500, you wrote:

Hello to the List!

I am currently in the process of developing a formal and
complete risk assessment for our organization. I wanted to find out if
anyone else has gone through this, what tools and methods did you use,
how long did it take, what were your results, and anything else that you
might like to share about this. Does anyone have any thoughts on
performing annual risk assessments?

Thanks to all!



Brandon Alt

Information Security Manager

Technology Division

Duval County Public Schools

altb () educationcentral org


********** Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/groups/.

Tim Lane
Information Security Program Manager

Information Technology and Telecommunication Services
Southern Cross University
PO Box 157 Lismore NSW 2480

Ph:  61 2 6620 3290
Fax: 61 2 6620 3033
Email: tlane () scu edu au
http://www.scu.edu.au
