Educause Security Discussion mailing list archives
Re: University-Wide Risk Assessment
From: "Hunt,Keith A" <keith () UAKRON EDU>
Date: Fri, 18 Aug 2006 10:14:21 -0400
Hello Elliot,
-----Original Message----- From: Franklin, Elliott [mailto:franklin () TXSTATE EDU] Sent: Friday, August 18, 2006 9:48 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] University-Wide Risk Assessment At Texas State University we too have begun a similar effort. We first ran multiple NMAP scans to detect common server services. Once we had a list we were comfortable with, we then did best effort to identify the department based on the server subnet and building. We then developed a web based Network Device Registration form. Our Network Use policy states that all devices acting in any role other than an individual workstation or printer must be registered. From this registration data, we will prioritize and then personally visit each server to complete our risk assessment.
What data do you collect for the registration?
Elliott Franklin, CISSP Information Security Analyst Texas State University-San Marcos http://www.vpit.txstate.edu/security 512.245.2501
-- Keith Hunt 330.972.7968 keith () uakron edu Internet & Server Systems The University of Akron
Current thread:
- University-Wide Risk Assessment Alex Campoe (Aug 18)
- <Possible follow-ups>
- Re: University-Wide Risk Assessment Franklin, Elliott (Aug 18)
- Re: University-Wide Risk Assessment Hunt,Keith A (Aug 18)
- Re: University-Wide Risk Assessment Victoriano Casas, ISO (Aug 18)
- Re: University-Wide Risk Assessment Randy Marchany (Aug 18)
- Re: University-Wide Risk Assessment Franklin, Elliott (Aug 18)
- Re: University-Wide Risk Assessment Brad Judy (Aug 18)
- Re: University-Wide Risk Assessment Jim Dillon (Aug 18)
- Re: University-Wide Risk Assessment Cheek, Leigh (Aug 18)
- Re: University-Wide Risk Assessment Shirley Payne (Aug 18)
- Re: University-Wide Risk Assessment Rodney Petersen (Aug 21)