Educause Security Discussion mailing list archives
Re: Application Risk Assessment/Questionnaire??
From: Valerie Vogel <vvogel () EDUCAUSE EDU>
Date: Tue, 16 Nov 2010 09:51:40 -0700
Hi Connie,

The Information Security Guide (www.educause.edu/security/guide) includes 3 campus case studies submitted by UC, Irvine, and each one contains a sample checklist:

- Application Security for Data Administrators
- Application Security for Developers and Quality Assurance Personnel
- Application Security for Management, Project Managers, and Architects

Thank you,
Valerie

_______________
Valerie M. Vogel
Program Associate
EDUCAUSE Cybersecurity Initiative
office: (202) 331-5374
e-mail: vvogel () educause edu
http://www.educause.edu/cybersecurity
Follow HEISC on Twitter: http://twitter.com/HEISCouncil

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joshua Beeman
Sent: Tuesday, November 16, 2010 6:42 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Application Risk Assessment/Questionnaire??

Hi Connie,

Penn's Security and Privacy Impact Assessment (SPIA) process is designed to assess risks associated with University systems that house confidential, personal or proprietary data in a way that is not unnecessarily complex or burdensome:

http://www.upenn.edu/computing/security/spia/index.php

The SPIA risk assessment tool may not have the application-specific focus that you need, and is not intended to be as exhaustive a list of controls as, say NIST 800-53, but it may provide an accessible starting point.

Hope this helps and good luck,
Josh

--
Joshua Beeman
University Information Security Officer
University of Pennsylvania / ISC
3401 Walnut Street, Suite 230A
215-746-7077 / jbeeman () isc upenn edu

On 11/15/10 7:25 PM, "Connie Sadler" <csadler11 () GMAIL COM> wrote:
Does anyone have a simple application assessment/checklist for security that they would be willing to share? I'm interested in having every department application/business owner perform an annual assessment of the basic things they should be doing - without getting too complex. Thanks!

Current thread:
- Application Risk Assessment/Questionnaire?? Connie Sadler (Nov 15)
- Re: Application Risk Assessment/Questionnaire?? Ozzie Paez (Nov 15)
- Re: Application Risk Assessment/Questionnaire?? Joshua Beeman (Nov 16)
- Re: Application Risk Assessment/Questionnaire?? Valerie Vogel (Nov 16)