Information Security Assessment Agenda
Introductions
- Who we are
- Assessment Objectives
System Business Objectives
- What it does
- System Demonstration
- Critical applications and user interaction
- User account administration
- User remote access requirements
Functional Architecture
- Diagram of system from a functional view
- Data Model
- Data flow of typical transactions
- Types of transactions with different parties
- System Architecture
- Remote Access
- Interfaces and Integrations
- High-level descriptions of mechanisms to secure data
- Administration of configuration changes
Effects on Other Systems
- Oracle Financials
- PeopleSoft
- Registries / Authority Manager
- CBord (Diebold) Gold
- Other Stanford Systems
- External Systems (not previously discussed)
Hardware
- Types of Servers and their roles
- Network Architecture / Configuration – routers, switches, firewalls, etc.
Security Policies, Procedures & Processes
- Security Policies
- Restricted Data? (HIPAA, SS#, PCI / CC#, FERPA, etc.)
- Communication protocols / encryption methods
- Software Products – OS, Web, Database, Change Management, etc.
- Proprietary tools / applications
- Administration Processes – software patches and updates, product deployment, security/user administration, network monitoring
- Administration of configuration changes
- Privileged Access
Back-up & Recovery
- Backup Procedures
- Disaster Recovery
- Business Continuity
Next Steps
- Hands-on Inspections
- Follow-up Meetings
- Closing / Summarization
Last modified: Friday, 21-Sep-2007 11:08:52 AM

