Events for all Levels and InterestsStay
Jump Start Your Career GrowthStay
Get on the Higher Ed IT MapStay
Uncommon Thinking for the Common Good™Stay
Security Reviews for New Systems / Services
I’m wondering how organizations have a requirement that all new IT systems/services undergo a security review prior to purchase or implementation. By security review, I mean architecture, risk and control assessments, etc. as well as the use of tools like vulnerability scanners.
If you’ve implemented a review, would you mind sharing your policy and any thoughts on implementation (resourcing, scope, lessons learned)?
Chief Information Security Officer
University of Utah