Educause Security Discussion mailing list archives

Re: risk assessment in edu


From: Gary Flynn <flynngn () JMU EDU>
Date: Fri, 19 Jun 2009 08:01:37 -0400

Wes Young wrote:
If you're really EDU [if I'm reading that statement correctly], I don't
think that's a problem, I think it would just help if you just
identified who you are affiliated with. I think lots of people on this
list are more than willing to help, but at the price of knowing who they
are helping, that's all :)


The person is saying they're being placed into a position that
they're obviously not ready for and/or the organization they
belong to is just now addressing security. They're not going
to want to identify themselves or their organization on a public
list. They may be doing the responsible thing for their
organization by NOT identifying themselves on a public list.

If answers are confined to the list rather than private
messages, or private messages are exchanged with the
understanding that the other party is unknown, then what is
the harm?

To the original poster:

After dealing with all the data that is protected by various
regulations, don't forget continuity of operations. That
often gets lost in these discussions. Having your data center,
file storage, and/or half your desktops put out of commission
for weeks due to virus infection recovery, malicious deletion,
fire, or whatever is going to cause significant disruption and
losses even if sensitive data is not disclosed.

There is some general information on the Educause site that
may be of interest. Start your research there:
https://wiki.internet2.edu/confluence/display/secguide/Home

From the risk management framework guide there:

* The most confidential IT resources
* IT resources with highest availability requirements
* IT resources with the most strict integrity requirements
* IT resources that are critical to the mission and function of the
  unit
* IT resources that are most difficult to replace
* IT resources that are most expensive to replace

https://wiki.internet2.edu/confluence/display/secguide/Risk+Management+Framework



--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security
