[unisog] Risk analysis
michael.holstein at csuohio.edu
Wed Feb 15 22:00:28 GMT 2006
That's all just a theoretical exercise. IIRC (from back when I studied
for the CISSP), the idea is to assign a value like this :
What will it cost us if that gets hacked?
loss of business activity
loss of business integrity
legal (or criminal) liability
So .. is a faculty member more valuable than a student?
Well, without assigning hard numbers, consider :
I loose a student's data. That affects one person (directly) plus the
support staff to remedy the problem.
I loose a professor's data. That affects all 100+ of his/her students,
plus all the support staff to deal with 100+ problems.
Just my quick $0.02 at 4:59pm.
Michael Holstein CISSP GCIA
Cleveland State University
More information about the unisog