Educause Security Discussion mailing list archives

Re: University-Wide Risk Assessment

From: "Hunt,Keith A" <keith () UAKRON EDU>
Date: Fri, 18 Aug 2006 10:14:21 -0400

Hello Elliot,

-----Original Message-----
From: Franklin, Elliott [mailto:franklin () TXSTATE EDU] 
Sent: Friday, August 18, 2006 9:48 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] University-Wide Risk Assessment

At Texas State University we too have begun a similar effort. 
 We first
ran multiple NMAP scans to detect common server services.  
Once we had a
list we were comfortable with, we then did best effort to identify the
department based on the server subnet and building.  We then 
developed a
web based Network Device Registration form.  Our Network Use policy
states that all devices acting in any role other than an individual
workstation or printer must be registered.  From this 
registration data,
we will prioritize and then personally visit each server to 
complete our
risk assessment.


What data do you collect for the registration?


Elliott Franklin, CISSP
Information Security Analyst
Texas State University-San Marcos
http://www.vpit.txstate.edu/security 
512.245.2501


-- 
Keith Hunt  330.972.7968  keith () uakron edu
Internet & Server Systems
The University of Akron

Current thread:

University-Wide Risk Assessment Alex Campoe (Aug 18)
- <Possible follow-ups>
- Re: University-Wide Risk Assessment Franklin, Elliott (Aug 18)
- Re: University-Wide Risk Assessment Hunt,Keith A (Aug 18)
- Re: University-Wide Risk Assessment Victoriano Casas, ISO (Aug 18)
- Re: University-Wide Risk Assessment Randy Marchany (Aug 18)
- Re: University-Wide Risk Assessment Franklin, Elliott (Aug 18)
- Re: University-Wide Risk Assessment Brad Judy (Aug 18)
- Re: University-Wide Risk Assessment Jim Dillon (Aug 18)
- Re: University-Wide Risk Assessment Cheek, Leigh (Aug 18)
- Re: University-Wide Risk Assessment Shirley Payne (Aug 18)
- Re: University-Wide Risk Assessment Rodney Petersen (Aug 21)