Educause Security Discussion mailing list archives
Re: Risk Assessments
From: "Davis, Thomas R." <tdavis () IU EDU>
Date: Wed, 17 Nov 2004 07:45:30 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----Original Message---- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Alt, Brandon C. Sent: Tuesday, November 16, 2004 10:47 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Risk Assessments
developing a formal and complete risk assessment
Hi Brandon, The one thing I might add to the other posts is that it's all too common for the terms "risk assessment" and "vulnerability assessment" to be used incorrectly. So, if you do end up contracting with an external agency to develop and/or perform a risk assessment for you, you'll want them to clearly articulate which you're going to pay for. ;-) Vulnerability assessments tend to focus on network and host based vulnerability scans (and perhaps physical security), and are one part of an overall risk assessment. Risk assessments take a broader view of the entire business process and review other issues such as sensitivity of the data (i.e., where should attention be focused), backups, disaster recovery, policy, etc. - -- Tom Davis, Information Technology Security Officer, CISSP, CISM Office of the VP for Information Technology, Indiana University PGP key or S/MIME certificate: https://www.itso.iu.edu/staff/tdavis/ -----BEGIN PGP SIGNATURE----- Version: PGP 8.0.3 iQA/AwUBQZtH6nMQ7XQGtBENEQJmXACfR9VhrpVmqvicuYcMT1JcQnbzAgAAoING XWw+Vv7XTRVcesRtapgGXstg =xP2S -----END PGP SIGNATURE----- ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Re: Risk Assessments Tim Lane (Nov 16)
- <Possible follow-ups>
- Risk Assessments Alt, Brandon C. (Nov 16)
- Re: Risk Assessments Mike Erickson (Nov 16)
- Re: Risk Assessments Jamie A. Stapleton (Nov 16)
- Re: Risk Assessments Davis, Thomas R. (Nov 17)
- Re: Risk Assessments Ken Shaurette (Nov 23)
- Re: Risk Assessments Havens, Ben (Nov 24)
- Re: Risk Assessments Melissa Guenther (Nov 24)
- Re: Risk Assessments Scholz, Greg (Nov 24)
- Re: Risk Assessments Ken Shaurette (Nov 24)
- Re: Risk Assessments Ken Shaurette (Nov 24)