U of Maryland, Baltimore County - PowerPoint PPT Presentation

Provided by: jacks93
Learn more at: https://www.usmd.edu
Transcript and Presenter's Notes


1
U of Maryland, Baltimore County
  • Risk Analysis of Critical Process
  • Financial Aid
  • Adapted STAR model
  • Focus on process and information flow
  • Reduced analysis time
  • Relate risk analysis to business process and
    drivers
  • Outcomes
      • Improved security
      • Regulatory compliance
  • http://www.umbc.edu/security/risk-asessment

2
Overview of UMBC Risk Assessment for
Gramm-Leach-Bliley (GLB)
  • Focus of risk assessment was primarily Financial
    Aid department.
  • We had a limited time-frame in which to implement
    this assessment due to compliance deadlines
  • Risk assessment focused on the specific
    requirements in GLB and did not encompass other
    risks or threats

3
Step 1. Met with Key Staff
  • Financial aid director mapped out business
    processes and procedures (half-day)
  • Director of Business Computing mapped out the
    software and hardware systems supporting
    financial aid (2 hours)
  • IT coordinators mapped out network and LAN
    services supporting financial aid (2 hours)

4
Step 2. Model the Information and Communication
Flows
  • From the information provided we developed a
    matrix identifying the information flows between
    source and destination systems
  • To aid understanding and validation of this
    matrix we developed a picture identifying the
    processes and flow of information
  • We met with key staff from step 1 and validated
    the model design

6
Step 3. Develop Risk Review
  • Key risk components for each entry with X
      • Likelihood
      • Vulnerability
      • Impact
  • Each is assigned a value
      • (0) minimal
      • (1) potentially a problem
      • (2) High
  • Multiply the three values, focus on any area
    where risk value is > 1.
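
An added example, not part of the original slides: the Step 2 flow matrix and the Step 3 scoring applied to it, with each marked flow rated 0-2 on the three components and flagged when the product exceeds 1. The system names and scores are constructed for illustration, and the `Flow` and `review` names are hypothetical.

```python
from dataclasses import dataclass

# Rating scale from the slide.
SCALE = {0: "minimal", 1: "potentially a problem", 2: "high"}
THRESHOLD = 1  # slide: focus on any area where the risk value is > 1


@dataclass(frozen=True)
class Flow:
    """One marked entry in the source/destination information-flow matrix."""
    source: str
    destination: str
    likelihood: int
    vulnerability: int
    impact: int

    def __post_init__(self):
        # Reject ratings outside the three-level scale instead of scoring them.
        for name in ("likelihood", "vulnerability", "impact"):
            value = getattr(self, name)
            if value not in SCALE:
                raise ValueError(f"{name}={value!r} is outside the 0-2 scale")

    @property
    def risk(self) -> int:
        # Product of the three ratings; a 0 in any one of them zeroes the result.
        return self.likelihood * self.vulnerability * self.impact


def review(flows):
    """Return the flows whose risk value exceeds the threshold, highest first."""
    flagged = [f for f in flows if f.risk > THRESHOLD]
    return sorted(flagged, key=lambda f: f.risk, reverse=True)


# Constructed sample matrix (illustrative names and scores only).
SAMPLE_FLOWS = [
    Flow("Desktop", "File server", 1, 1, 2),
    Flow("Desktop", "Local disk", 2, 2, 2),
    Flow("Student information system", "Desktop", 1, 1, 1),
    Flow("Desktop", "Email", 2, 0, 2),
]

if __name__ == "__main__":
    for f in review(SAMPLE_FLOWS):
        print(f"{f.risk}  {f.source} -> {f.destination}")
```

With a 0-2 scale the only possible products are 0, 1, 2, 4 and 8, so a flow is flagged only when all three ratings are at least 1 and at least one of them is 2.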

7
Step 4. Present Risk Review and Develop
Mitigation Plan
  • Meet with the key staff identified in step 1 and
    present the findings for validation
  • Discuss strategies for mitigating identified
    risks and the potential impact on business
    processes
  • For UMBC, primary risks were associated with the
    use and storage of non-public information (NPI)
    on desktops in financial aid.

8
UMBC GLB Risk Mitigation Recommendations
  • Upgrade to Windows 2000, require authenticated
    login to each workstation
  • Configuration policy will auto-update patches and
    install a firewall
  • All files and databases containing NPI must be
    located on our Novell servers -- no local
    storage.
  • Financial Aid should be among the first to move
    to our new protected network VLAN this summer.
  • Working with IT Steering on the issue of emailing
    NPI information (should/can this be prohibited
    without encryption)
