Presentations and Links

ITANA-Security Architecture Wisconsin v2.ppt  
OCIS site
UW-Madison IT Security Principles
UW-Madison IT Risk Assessment Process

Should there even be a Security Architecture?  Shouldn't security be embedded in all of the groups and users?  When Stefan started in 2001, he was always asked "Why?" about security items.  Why do I need to use a firewall?  Why should I have logging turned on?  A set of principles was set out:
• Security is Everyone's Responsibility
• Security is Part of the Development Life Cycle
• Security is Asset Management (classifying the information)
• Security is a Common Understanding
We have a five-step process for doing a risk assessment.  First we agree to the assessment scope, then conduct the assessment, develop a draft report, communicate the findings, and then re-assess as needed.

Risk = (Impact × Likelihood) / (Mitigation Controls)

Impact is related to costs.  How do you monetize reputation?  You can ask how much you would spend to prevent this from happening.  This is a Risk Prioritization process.

How do you balance the security principles against the development principles (scalability et al.)?

...