Educause Security Discussion mailing list archives

Security Reviews for New Systems / Services

From: Chris Kidd <chris.kidd () UTAH EDU>
Date: Tue, 24 Jan 2012 18:05:05 +0000

I'm wondering how organizations have a requirement that all new IT systems/services undergo a security review prior to 
purchase or implementation. By security review, I mean architecture, risk and control assessments, etc. as well as the 
use of tools like vulnerability scanners.

If you've implemented a review, would you mind sharing your policy and any thoughts on implementation (resourcing, 
scope, lessons learned)?

Thanks,
Chris

Chris Kidd
Chief Information Security Officer
University of Utah

Current thread:

Security Reviews for New Systems / Services Chris Kidd (Jan 24)
- Re: Security Reviews for New Systems / Services Alexander Kurt Keller (Jan 24)
- Re: Security Reviews for New Systems / Services David Seidl (Jan 25)