Educause Security Discussion mailing list archives
University-Wide Risk Assessment
From: Alex Campoe <campoe () USF EDU>
Date: Fri, 18 Aug 2006 07:48:16 -0400
One thing that Connie Sadler from Brown University mentioned recently made me curious. We are about to embark on an attempt to perform a University-wide risk assessment program and we're trying to figure out how to go about doing it. Our environment is pretty large and decentralized. The questions are many, but I would like to know how other Universities approach the issue. Do you send out surveys, or is the RA done personally? How detailed are the questions? Do you cover both technical and procedural issues? Do you base the questions on existing policies? Who answers the questions? Individual techs or heads of departments? What method do you use? Electronic? Web based? Written and signed? Thanks -- -- Alex Campoe, CISSP Information Security Manager -- -- Associate Director, Systems -- -- Email: campoe () usf edu Phone: (813) 974-1796 -- -- Academic Computing University of South Florida -- -----------------------------------------------------------------------
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- University-Wide Risk Assessment Alex Campoe (Aug 18)
- <Possible follow-ups>
- Re: University-Wide Risk Assessment Franklin, Elliott (Aug 18)
- Re: University-Wide Risk Assessment Hunt,Keith A (Aug 18)
- Re: University-Wide Risk Assessment Victoriano Casas, ISO (Aug 18)
- Re: University-Wide Risk Assessment Randy Marchany (Aug 18)
- Re: University-Wide Risk Assessment Franklin, Elliott (Aug 18)
- Re: University-Wide Risk Assessment Brad Judy (Aug 18)
- Re: University-Wide Risk Assessment Jim Dillon (Aug 18)
- Re: University-Wide Risk Assessment Cheek, Leigh (Aug 18)
- Re: University-Wide Risk Assessment Shirley Payne (Aug 18)
- Re: University-Wide Risk Assessment Rodney Petersen (Aug 21)