EITS continues to improve ASSETs database to provide campus units tools to identify security risks

Office of the Chief Information Officer Press Release
The University of Georgia
Athens, Georgia

Monday, April 7, 2008

WRITER: Sarah Lee, 706/542-5359, slee23@uga.edu
CONTACT: Ben Myers, 706-542-0033, bmyers@uga.edu

ATHENS, Ga.— Enterprise Information Technology Services (EITS) recently charged IT Security Analyst Specialist Ben Myers with the task of managing, updating, and promoting the Automated Security Self-Evaluation Tools database, otherwise known as ASSETs.

Says Myers, "In short, the general intention of ASSETs is to reduce the occurrence of information security incidents at UGA— to protect the confidentiality, integrity, and availability of this University's data—by providing tools for units to use to identify and evaluate their information security risks."

From a broader perspective, Myers notes that the database was constructed in conjunction with the 2005 Securing Sensitive Data Initiative (SSDI), an administrative policy helmed by the Office of Information Security that charged all UGA departments with:

Identification and inventory of critical/sensitive servers/data and business processes
Assessment of critical and sensitive assets
Evaluation of business and security processes
Development of a plan to lower the risks and threats to the identified assets
Creation of a sustainable process/plan to mitigate risks/threats going forward
Attendance at security awareness training and education sessions

Ben Myers, IT security analyst specialist with EITS, heads up the ASSETS database project

What this means in practical terms, says Myers, is that "Unit Security Liaisons provide an inventory of their critical/sensitive assets and complete [a database driven] questionnaire on their security and business processes. Units can then generate a security plan report based on their questionnaire results and their inventory of at-risk assets. Centrally, EITS rolls up the data from the units to get an idea of where UGA's information security risks lie."

Myers was tapped to manage the task late last year and has been in what he calls "reactive mode assisting users." However, the April 15, 2008, deadline for ASSETs participation is fast approaching and Myers notes that after that date, reports will be generated and dispersed to units and stakeholders will be identified to help move the initiative into the future.

"The goal is to identify criteria and potential value during planning, and then design and build a system that delivers," he says.

For an overview of ASSETs see:

infosec.uga.edu/service/assets.php

The ASSETs database is located at assets.uga.edu.

ASSETS is in direct support of the recently launched UGA risk-management model known as SecureUGA. SecureUGA is a role-based security training and accountability model in which every individual, regardless of position, has a responsibility to protect UGA's sensitive and critical data. For more information on SecureUGA, see:

secure.uga.edu

About the Office of the CIO and EITS
The Office of the Chief Information Officer and Enterprise Information Technology Services (EITS) are committed to the mission of UGA as a land-and-sea-grant institution where academics come first and the research extensive university community encourages research efforts at the undergraduate and graduate levels. To that end, under the direction of the University´s Chief Information Officer, EITS endeavors to provide a robust, reliable, and secure information technology infrastructure, maintain essential production services, and offer world-class support.

Search EITS