Educause Security Discussion mailing list archives
Re: University-Wide Risk Assessment
From: "Franklin, Elliott" <franklin () TXSTATE EDU>
Date: Fri, 18 Aug 2006 09:43:01 -0500
We collect:

* Primary and backup contact info (including personal cell phone numbers)
* Device Information (OS, Web Server Software, Domain name, building, room)
* Device Function (Database server, email server, etc.)
* Data Resources Stored (Student records, PHI, SSN, etc.)
* Backup Cycle (never, daily, weekly, etc.)

We wanted to keep it as short as possible while still giving us the data we needed to prioritize.

Hope this helps!

Elliott Franklin, CISSP
Information Security Analyst
Texas State University-San Marcos
http://www.vpit.txstate.edu/security
512.245.2501

-----Original Message-----
From: Hunt,Keith A [mailto:keith () UAKRON EDU]
Sent: Friday, August 18, 2006 9:14 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] University-Wide Risk Assessment

Hello Elliott,
-----Original Message-----
From: Franklin, Elliott [mailto:franklin () TXSTATE EDU]
Sent: Friday, August 18, 2006 9:48 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] University-Wide Risk Assessment

At Texas State University we too have begun a similar effort. We first ran multiple NMAP scans to detect common server services. Once we had a list we were comfortable with, we then made a best effort to identify the department based on the server subnet and building. We then developed a web-based Network Device Registration form. Our Network Use policy states that all devices acting in any role other than an individual workstation or printer must be registered. From this registration data, we will prioritize and then personally visit each server to complete our risk assessment.
What data do you collect for the registration?
Elliott Franklin, CISSP
Information Security Analyst
Texas State University-San Marcos
http://www.vpit.txstate.edu/security
512.245.2501
--
Keith Hunt
330.972.7968
keith () uakron edu
Internet & Server Systems
The University of Akron