Educause Security Discussion mailing list archives

Re: Business / Functional Ownership of non business / end user applications


From: "Dr. Wole Akpose" <wole.akpose () MORGAN EDU>
Date: Thu, 12 May 2011 19:23:07 -0400

Can you give an example of what you mean by Single-Sign-On App?


-- 
*Visit http://msusac.morgan.edu for up to date discussions on Cyber Security*
Wole Akpose. CISSP, CGEIT, D.Eng, SS-BB
Planning & Information Technology
Morgan State University
1700 E. Cold Spring Lane
Baltimore, MD 21251.
p. 443.885.1850 / 443.885.3372
f. 443.885.8304 /443.885.8211


On Thu, May 12, 2011 at 5:27 PM, Radford, Jennifer <jradford () intaudit ubc ca> wrote:

Hi all,



I would like to get a sense of what the norm is out there for ownership of
applications that are not directly connected to the end users.  For example,
from a best practice perspective, the Payroll application would be owned by
the department head for payroll. This owner would be accountable for
ensuring their data is secure by communicating required policies to IT so
they can set up security configurations etc.  However, my challenge is
around applications such as single sign on apps that are pervasive in nature
and campus wide – whilst they may have an IT custodian, there may not be a
‘functional / business’ owner assigned to ensure password policies etc. are
set in line with what senior management requires.



Any thoughts?



Cheers,



Jenny



Jennifer Radford, Senior IT Audit Manager

Internal Audit, UBC

6000 Iona Drive, Vancouver, BC Canada V6T 1L4

Phone:  604-822-6512

Fax:  604-822-9027

E-mail:  Jradford () intaudit ubc ca

Web:  www.intaudit.ubc.ca




