7.20.10 Security Review
Approved on: 11/02/2005
By: Administrative Council
Effective Date: 11/02/2005
Where appropriate, information security personnel will conduct risk assessments of technologies/processes that are being evaluated and/or used at Georgia State University.
Administration of Policy
Information Systems and Technology, 13th floor, Commerce Building, 3-4357
Responsible Executive(s): AP for Information Systems and Technology
|Position Title||Campus Location||Phone Number and/or E-mail Address|
|Information Systems and Technology||13th Floor, Commerce Bldg.||404-413-4357|
Full Policy Text
Where appropriate, information security personnel will conduct risk assessments of technologies/processes that are being evaluated and/or used at
Rationale or Purpose
Managing the security risks associated with Georgia State University´s ever changing information technology infrastructure presents an enormous challenge. Although some risks can be assessed and managed locally, there are many that cannot be easily understood and/or controlled. In these situations, information security personnel should perform security reviews to determine the threats, the likelihood of such events taking place, the estimated impact if they were to occur and recommend controls.
Threats. Things that can go wrong or that can ´attack´ the system. Examples might include fire, system failure or hacking. Threats are present in every system.
Vulnerabilities. These make a system more prone to attack by a threat or make an attack more likely to have some success or impact. For example, a hacking vulnerability would be the lack of patches on a computer operating system.
Controls. These are the countermeasures for vulnerabilities. There are four types:
--Deterrent controls reduce the likelihood of a deliberate attack
--Preventative controls protect vulnerabilities and make an attack unsuccessful or reduce its impact
--Corrective controls reduce effect of an attack
--Detective controls discover attacks and trigger preventative or corrective controls
Additional Helpful Resources