Assessing Risk: Developing a Client/Server Security Architecture
- Published:
- Briefs, Case Studies, Papers, Reports
- Author(s) and Contributors:
-
Author(s): David Millar Noam Arzt
- Source(s) and Collection(s):
-
Presentation(s): CAUSE Conferences (Archives)
- ParentTopics:
Abstract
The University of Pennsylvania's new data warehouse and financial systems are exploiting technology to bring to Penn flexible new ways to organize and manage data, making it readily available for both operational and planning needs. Along with the benefits of the new technology, however, come risks which the University must address to ensure the integrity of its information assets. The decentralization of data and computing, and the use of open networks, open systems, and open standards expose Penn to new vulnerabilities. Penn can no longer rely on the use of obscure operating systems and networking protocols to protect its systems and information.The Client/Server Security Standards Task Force was created to identify the threats to information security posed by the new technologies being adopted for the data warehouse and financial systems. This report documents the threats which the group feels are most serious, and provides a rationale for the group's recommendations.