Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Pre Production System Accreditation
From: "St Clair, Jim" <Jim.StClair () GT COM>
Date: Tue, 4 Sep 2007 10:39:46 -0400

Chad,

This is an excellent idea, and in keeping with what research facilities
have to do under gov't contract. I assume you are using the NIST
framework?

James A.St.Clair, CISM
Sr. Manager
Global Public Sector
Grant Thornton LLP
(703) 637-3078 (office)
(703) 727-6332 (mobile)
(703) 837-4455 (fax)


-----Original Message-----
From: Chad McDonald [mailto:chad.mcdonald () GCSU EDU] 
Sent: Tuesday, September 04, 2007 10:13 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Pre Production System Accreditation

I have proposed that GCSU develop a policy that would require that a
server or system be accredited prior to moving that system into
production.  The accreditation process among other things would verify
that the system's security has been reviewed before potentially
sensitive information is stored on or travels through that system.  I
originally thought that this would blow through the policy approval
process with flying colors, but unfortunately I'm being blocked by my
own department's system administrators.  Am I completely off base with
this recommendation? 


Chad McDonald, CISSP, CISA 
Chief Information Security Officer
Georgia College & State University
Phone   478.445.4473
Cell    478.454.8250
Fax     478.445.1202
Email   chad.mcdonald () gcsu edu
 

--------------------------------------------------------


In accordance with applicable professional regulations, please understand that, unless expressly stated otherwise, any 
written advice contained in, forwarded with, or attached to this e-mail is not intended or written by Grant Thornton 
LLP to be used, and cannot be used, by any person for the purpose of avoiding any penalties that may be imposed under 
the Internal Revenue Code. 

--------------------------------------------------------

 This e-mail is intended solely for the person or entity to which it is addressed and may contain confidential and/or 
privileged information.  Any review, dissemination, copying, printing or other use of this e-mail by persons or 
entities other than the addressee is prohibited.  If you have received this e-mail in error, please contact the sender 
immediately and delete the material from any computer.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]