Re: risk asessment in edu

[reflect ocean <reflect.ocean () GMAIL COM>]

Let me excuse for not using an appropriate edu identifying email
address.At the time i subscribed there were not any restriction that
keep me from proceed.
I was referred to this mailing list because of the focus on security
in educational field to which certainly i belong and because there are
not regional mailinglist focused in security on edu where we belong
(Southamerica).I though not to choose identifying myself would be fine
like any other mailing-list if that breaks the rules then i will
proceed to sign off.

I thank all the responses even from who suspects of us being
collecting data for some paper.I am not.I am a network admin with
operational security knowledge who recently is facing the challenge to
be in charge for information security for the whole organization.That
is all.

Thank you again.


On Thu, Jun 18, 2009 at 4:24 PM, Valdis
Kletnieks<Valdis.Kletnieks () vt edu> wrote:
> On Thu, 18 Jun 2009 16:19:27 EDT, Kevin Wilcox said:
>
> > I read the first paragraph, then checked the email address, and
> > decided it was better to ignore. Someone in the business that is
> > tasked with IS responsibilities will almost certainly know, beyond
> > student data, what they are being tasked with protecting.
>
> One would hope so.
>
> On the other hand, I've seen plenty of cases at smaller sites (and a few larger
> ones too), where somebody suddenly aquired IS responsibilities but didn't have
> a good handle on what ball of wax they just got tossed.  This often happens
> when The Previous Guy departs suddenly. Been there, done that - I found out the
> hard way that I didn't know Legato Networker as well as I thought when I
> suddenly became the primary for it when the previous person died in a
> gyrocopter crash.
>
> The original poster may just be trying to avoid leaving a paper trail of
> beiing in over their head.  I know it would be tempting in that situation...