Educause Security Discussion mailing list archives

Re: Application Risk Assessment/Questionnaire??


From: Valerie Vogel <vvogel () EDUCAUSE EDU>
Date: Tue, 16 Nov 2010 09:51:40 -0700

Hi Connie,

The Information Security Guide (www.educause.edu/security/guide)
includes 3 campus case studies submitted by UC Irvine, and each one
contains a sample checklist:

Application Security for Data Administrators

Application Security for Developers and Quality Assurance Personnel

Application Security for Management, Project Managers, and Architects

Thank you,

Valerie

_______________

Valerie M. Vogel
Program Associate
EDUCAUSE Cybersecurity Initiative
office: (202) 331-5374
e-mail: vvogel () educause edu
http://www.educause.edu/cybersecurity

Follow HEISC on Twitter: http://twitter.com/HEISCouncil

From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joshua Beeman
Sent: Tuesday, November 16, 2010 6:42 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Application Risk Assessment/Questionnaire??

Hi Connie, 

Penn's Security and Privacy Impact Assessment (SPIA) process is designed
to assess risks associated with University systems that house
confidential, personal or proprietary data in a way that is not
unnecessarily complex or burdensome:  

http://www.upenn.edu/computing/security/spia/index.php 

The SPIA risk assessment tool may not have the application-specific
focus that you need, and is not intended to be as exhaustive a list of
controls as, say, NIST 800-53, but it may provide an accessible starting
point.

Hope this helps and good luck,

Josh 

-- 
Joshua Beeman
University Information Security Officer
University of Pennsylvania / ISC
3401 Walnut Street, Suite 230A
215-746-7077 / jbeeman () isc upenn edu



On 11/15/10 7:25 PM, "Connie Sadler" <csadler11 () GMAIL COM> wrote:


Does anyone have a simple application assessment/checklist for
security that they would be willing to share? I'm interested in having
every department application/business owner perform an annual
assessment of the basic things they should be doing - without getting
too complex.

Thanks!
