Educause Security Discussion mailing list archives
Re: Systems Acquisition and Development standard
From: David Escalante <david.escalante () BC EDU>
Date: Fri, 29 Jan 2010 16:37:55 -0500
We have a document several pages long filled with security questions that we co-developed with our Internal Audit department a number of years ago. It's not something we've shared widely, though. We are looking at moving to the Shared Assessments tool. See http://www.sharedassessments.org/ . I believe it's still free, and is, to quote the web page, /"Shared Assessments is a member-driven, industry-standard body that injects speed, efficiency and cost savings into the service provider control assessment process. Shared Assessments Program members <http://sharedassessments.org/members/> work together to eliminate redundancies and create efficiencies, giving all parties a standardized, consistent, faster, more rigorous, more efficient and less costly means of conducting security, privacy and business continuity assessments."/ Why re-invent the wheel when the financial industry already has a tool? If we all use the same questionnaire, it also makes it easier on vendors and suppliers, who don't have to deal with a different set of security questions from every customer. While the questions are intended for service providers, they tend to be OK for internal security as well. -- David Escalante Boston College
Attachment:
david_escalante.vcf
Description:
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Systems Acquisition and Development standard Ben Woelk (Jan 29)
- <Possible follow-ups>
- Re: Systems Acquisition and Development standard Patria, Patricia (Jan 29)
- Re: Systems Acquisition and Development standard James C. Farr '05 (Jan 29)
- Re: Systems Acquisition and Development standard Lorenz, Eva (Jan 29)
- Re: Systems Acquisition and Development standard Patria, Patricia (Jan 29)
- Re: Systems Acquisition and Development standard David Escalante (Jan 29)
- Re: Systems Acquisition and Development standard Ozzie Paez (Jan 29)