Penn Information Security: SWAT Deliverables


	Wednesday, August 20, 2008

	Security Checklists & Policies
	Secure desktop computing
	Secure servers
	Secure web applications
	Tips for safe computing
	Computing policies

	Email
	Harassment & Forgery
	Hoaxes, frauds & scams
	Spam & Email relays
	Encryption & digital signatures

	More in-depth information for
	Local support providers
	System administrators
	Application developers

	Security initiatives
	Critical host compliance
	Authentication & authorization
	Penn Security & Privacy Assessment (SPIA)

	Related links
	Electronic privacy
	PennKey
	Viruses
	Worms, trojans, backdoors

Goals/Deliverables of the team:

Develop Best Practices
Create an Appendix to Critical Host Policy
Draft Web Application Standards - Technical Document
- Use OWASP as a starting point
Conduct 1-2 hour Annual Training Session
Develop Code Samples (Library of code sets by application - Java, Cold Fusion, etc.)
Volunteer Code Review (Between schools/centers); Special Interest Group;
- PennKey "gatekeeper" - Code Review is required if you use PennKey to Authenticate.

Begin by walking through OWASP Top 10 in detail, one vulnerability at a time, to develop Penn's Best Practices/Technical Documentation.

Last updated: Wednesday, January 3, 2007



Information Systems and Computing University of Pennsylvania Comments & Questions