
For Technology Leaders
 

The Planning Process

Security Planning Protocol Step 2: Risk Analysis

Detailed Explanation for Phase 2

2-A. Identify Risks

Inventory your technology, data, & expertise*

  • Systems: internal & external extensions
  • Data: accuracy, integrity, security, privacy
  • Physical plant
  • People: staff, users, stakeholders

Measure potential impact of disruptive events on organization if assets are…

  • Disclosed
  • Corrupted
  • Taken out of service

* The asset-based approach draws on work done by the Software Engineering Institute at Carnegie Mellon University

2-B. Assess Vulnerabilities & Threats

  • Systems: weaknesses may be inherent, created during installation or configuration, caused by maintenance or patterns of (mis)use, or by attacks
  • Physical plant: exposure to power loss or spikes, floods or burst pipes, overheating or cold, vandalism or fire
  • Organization: inadequate policies, training, or staffing
  • People: accidental and intentional causes

2-C. Security Stress Tests

  • Diagnostic tests: Periphery, Internals, Shared Spaces
  • Operational Reviews
  • User evaluation
  • Architectural evaluation

Prioritize security gaps
Rank on impact, then probability

OUTCOME:
Security Project Description
A project description that includes goals, processes, resources, and decision-making standards.

 

 

 
A Leadership Initiative of CoSN