Published by Hugh McKinney. Modified over 9 years ago.

U of Maryland, Baltimore County
Risk Analysis of Critical Process
– Financial Aid
Adapted STAR model
– Focus on process and information flow
– Reduced analysis time
– Relate risk analysis to business process and drivers
Outcomes
– Improved security
– Regulatory compliance
– http://www.umbc.edu/security/risk-asessment

Overview of UMBC Risk Assessment for Gramm-Leach-Bliley (GLB)
The focus of the risk assessment was primarily the Financial Aid department.
We had a limited time frame in which to implement this assessment due to compliance deadlines.
The risk assessment focused on the specific requirements in GLB and did not encompass other risk threats.

Step 1. Met with Key Staff
Financial aid director mapped out business processes and procedures (half-day)
Director of Business Computing mapped out the software and hardware systems supporting financial aid (2 hours)
IT coordinators mapped out network and LAN services supporting financial aid (2 hours)

Step 2. Model the Information and Communication Flows
From the information provided we developed a matrix identifying the information flows between source and destination systems.
To aid understanding and validation of this matrix we developed a picture identifying the processes and flow of information.
We met with key staff from step 1 and validated the model design.

Step 3. Develop Risk Review
Key risk components for each entry with X
– Likelihood
– Vulnerability
– Impact
Each is assigned a value:
– (0) minimal
– (1) potentially a problem
– (2) High
Multiply the three values, focus on any area where risk value is > 1.
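
The scoring in Step 3 applied to a Step 2 flow matrix, as an added example that is not part of the original presentation. The system names and scores below are constructed for illustration, and the per-system roll-up is an addition beyond what the slides describe.

```python
from dataclasses import dataclass

# Scale from the slide: each component is scored 0, 1 or 2.
SCALE = {0: "minimal", 1: "potentially a problem", 2: "high"}

@dataclass(frozen=True)
class Flow:
    """One entry marked with X in the source/destination flow matrix."""
    source: str
    destination: str
    likelihood: int
    vulnerability: int
    impact: int

    def __post_init__(self):
        for name in ("likelihood", "vulnerability", "impact"):
            if getattr(self, name) not in SCALE:
                raise ValueError(f"{name} must be one of {sorted(SCALE)}")

    @property
    def risk(self):
        # Product of the three values: any 0 collapses the risk to 0,
        # so the only possible results are 0, 1, 2, 4 and 8.
        return self.likelihood * self.vulnerability * self.impact

def review(flows, threshold=1):
    """Flows whose risk value exceeds the threshold, highest first."""
    flagged = [f for f in flows if f.risk > threshold]
    return sorted(flagged, key=lambda f: (-f.risk, f.source, f.destination))

def exposure_by_system(flows, threshold=1):
    """Sum flagged risk per system (added roll-up to order mitigation work)."""
    totals = {}
    for f in review(flows, threshold):
        for system in (f.source, f.destination):
            totals[system] = totals.get(system, 0) + f.risk
    return totals

# Constructed sample matrix entries (hypothetical names and scores).
FLOWS = [
    Flow("student records system", "financial aid desktop", 2, 2, 2),
    Flow("financial aid desktop", "email", 1, 2, 2),
    Flow("financial aid desktop", "file server", 1, 1, 2),
    Flow("file server", "backup", 1, 1, 1),
    Flow("public web site", "financial aid desktop", 2, 2, 0),
]

if __name__ == "__main__":
    for f in review(FLOWS):
        print(f"{f.risk}  {f.source} -> {f.destination}")
    print(exposure_by_system(FLOWS))
```

With a threshold of 1, a flow is flagged only when no component is 0 and at least one is scored 2, which is why the all-ones entry and the zero-impact entry drop out.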

Step 4. Present Risk Review and Develop Mitigation Plan
Meet with the key staff identified in step 1 and present the findings for validation.
Discuss strategies for mitigating identified risks and the potential impact on business processes.
For UMBC, primary risks were associated with the use and storage of non-public information (NPI) on desktops in financial aid.

UMBC GLB Risk Mitigation Recommendations
Upgrade to Windows 2000, require authenticated login to each workstation.
Configuration policy will auto-update patches and install a firewall.
All files and databases containing NPI must be located on our Novell servers -- no local storage.
Financial Aid should be among the first to move to our new protected network VLAN this summer.
Working with IT Steering on the issue of emailing NPI (should/can this be prohibited without encryption?)