|One Step Ahead
April 24, 2007, Volume 53, No. 31
Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.
Run a Security/Privacy Check on New and Upgraded Systems and Applications
• You just built a great new database to improve administrative efficiency in your department.
• You’ve launched a new application collecting personal data of participants as part of a research study.
• You’ve upgraded an older system to a new version and are delighted by the better features.
Are you thinking about the security and privacy implications in any of these scenarios? If you aren’t, you should be.
Penn has developed an easy-to-use tool—the “Security and Privacy Impact Assessment” or “SPIA” tool—that can be used to evaluate any individual database or application. The tool is already being used by many Schools and Centers to inventory and evaluate systems in general.
To use the tool on an individual system, go to the SPIA site at www.upenn.edu/computing/security/spia/ and, using the blank tool (an Excel spreadsheet), follow steps 2 through 5 in the SPIA instructions. Sample evaluations are also available. If you need assistance or have questions, write to firstname.lastname@example.org.
Sleep better at night—find your security and privacy vulnerabilities before the bad guys do.
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.