Educause Security Discussion mailing list archives
Re: risk asessment in edu
From: Gary Flynn <flynngn () JMU EDU>
Date: Fri, 19 Jun 2009 08:01:37 -0400
Wes Young wrote:
If you're really EDU [if i'm reading that statement correctly], I don't think that's a problem, I think it would just help if you just identified who you are affiliated with. I think lots of people on this list are more than willing to help, but at the price of knowing who they are helping, thats all :)
The person is saying they're being placed into a position that they're obviously not ready for and/or the organization they belong to is just now addressing security. They're not going to want to identify themselves or their organization on a public list. They may be doing the responsible thing for their organization by NOT identifying themselves on a public list. If answers are confined to the list rather than private messages or private messages are exchanged with the understanding the other party is unknown, then what is the harm? To the original poster: After dealing with all the data that is protected by various regulations, don't forget continuity of operations. That often gets lost in these discussions. Having your data center, file storage, and/or half your desktops put out of commission for weeks due to virus infection recovery, malicious deletion, fire, or whatever is going to cause significant disruption and losses even if sensitive data is not disclosed. There is some general information on the Educause site that may be of interest. Start your research there: https://wiki.internet2.edu/confluence/display/secguide/Home From the risk management framework guide there: * The most confidential IT resources * IT resources with highest availability requirements * IT resources with the most strict integrity requirements * IT resources that are critical to the mission and function of the unit * IT resources that are most difficult to replace * IT resources that are most expensive to replace https://wiki.internet2.edu/confluence/display/secguide/Risk+Management+Framework -- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Re: risk asessment in edu, (continued)
- Re: risk asessment in edu jeff murphy (Jun 18)
- Re: risk asessment in edu Dave Kovarik (Jun 18)
- Re: risk asessment in edu Dennis Meharchand (Jun 18)
- Re: risk asessment in edu Kevin Wilcox (Jun 18)
- Re: risk asessment in edu Bob Bayn (Jun 18)
- Re: risk asessment in edu jeff murphy (Jun 18)
- Re: risk asessment in edu Wes Young (Jun 18)
- Re: risk asessment in edu Valdis Kletnieks (Jun 18)
- Re: risk asessment in edu reflect ocean (Jun 18)
- Re: risk asessment in edu Wes Young (Jun 19)
- Re: risk asessment in edu Gary Flynn (Jun 19)
- Re: risk asessment in edu Karen Stopford (Jun 19)
- Re: risk asessment in edu reflect ocean (Jun 19)
- Re: risk asessment in edu Plesco, Todd (Jun 19)
- Re: risk asessment in edu Valdis Kletnieks (Jun 19)
- Re: risk asessment in edu Allison Dolan (Jun 19)
- Re: risk asessment in edu Valdis Kletnieks (Jun 19)