Home page logo
/

basics logo Security Basics mailing list archives

Re: Initial Security assesment for a large university - what to ask?
From: Yousef Syed <yousef.syed () gmail com>
Date: Thu, 1 Apr 2010 08:57:27 +0100

Hi,
I'd ask for any of their existing Security Policies and Procedures.
Existing access policies.
Business continuity plans and/or disaster recovery plans.
Current roles and responsibilities.

What is there critical data? How secure is it? Is personel data
secure? How about student data.

Are the applications secure? Who's using them?

Anyway, that's where I'd start.

Ys

On Wednesday, March 31, 2010, Camilo Olea <colea () sunset com mx> wrote:
Dear friends,

I've been asked to be part of a large project. A local college (in Cancun,MX) is changing administration, and as a 
part of it, seems like they are changing the whole IT team. My orders were clear "Make a list of all that they need 
to give to you, security-related".

I'm thinking:

- root logins and passwords for all servers/routers/etc


... and I stopped there. Any other ideas on what I should demand from them?

Thanks,
Camilo Olea

-Por favor piense en el medio ambiente antes de imprimir este mensaje- -Please think of the environment before 
printing this message-

La informacion  de  este correo es de caracter CONFIDENCIAL y PRIVADO y es propiedad de GRUPO SUNSET. La privacidad  
de esta comunicacion goza de proteccion legal. Cualquier revision, retransmision, difusion o cualquier otro uso de 
este correo, por personas o entidades distintas a las del destinatario legitimo, queda expresamente prohibida. Si 
usted ha recibido este mensaje por error, por favor avise inmediatamente al remitente contestando y eliminando este 
correo. Las opiniones incluidas son del remitente, y no necesariamente reflejan  la opinion de GRUPO SUNSET. Este 
correo electronico no pretende ni debe ser considerado como constitutivo de ninguna relacion legal, contractual o de 
otra indole similar.  No puede garantizarse que las comunicaciones de Internet sean seguras, libres de error o virus. 
Por lo tanto GRUPO SUNSET, no acepta responsabilidad alguna.
The contents of this email are CONFIDENTIAL and PRIVATE in nature, and remain the property of SUNSET GROUP. The 
privacy of this email is protected by law. Any revision, forwarding, distribution or any other use of this email, for 
persons or entities other than the legitimate addressee, is forbidden. If you have received this message by mistake, 
please alert the sender immediately by responding to and then eliminating this email. The opinions expressed in this 
email are those of the sender, and may not necessarily reflect the opinions of SUNSET GROUP. This email does not 
constitute, nor should it be considered as confirmation of any legal, contractual, or any other relationship. 
Internet communications cannot be guaranteed to be secure or error-free, as information could be intercepted, 
corrupted, lost, arrive late or contain viruses. SUNSET GROUP does not accept liability for any errors or omissions 
in the context of this message which could arise as a result of Internet
transmission.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



-- 
Yousef Syed
CISSP

http://www.linkedin.com/in/musashi

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault