[unisog] Risk analysis

Michael Holstein michael.holstein at csuohio.edu
Wed Feb 15 22:00:28 GMT 2006

That's all just a theoretical exercise. IIRC (from back when I studied 
for the CISSP), the idea is to assign a value like this :

What will it cost us if that gets hacked?
	loss of business activity
	loss of business integrity
	legal (or criminal) liability

So .. is a faculty member more valuable than a student?

Well, without assigning hard numbers, consider :

I loose a student's data. That affects one person (directly) plus the 
support staff to remedy the problem.

I loose a professor's data. That affects all 100+ of his/her students, 
plus all the support staff to deal with 100+ problems.

Just my quick $0.02 at 4:59pm.


Michael Holstein CISSP GCIA
Cleveland State University

More information about the unisog mailing list