Security Assessment: Case Studies for Implementing NSA IAM

The interview schedule was finally set, at least for the first week of the onsite phase of the Red Rover University assessment. Through discussions during the pre-assessment site visit, we determined that the college was most concerned about liability for systems used to initiate attacks on other systems and Family Education Rights and Privacy Act (FERPA) regulations. FERPA addresses the privacy protection responsibilities for educational institutions.
The university has four colleges along with the associated support staff. Each college has its own technology staff responsible for systems administration and security for that particular college. The administrative functions of the college are supported by the university s Information Technology (IT) department. Table 7.5 identifies the Week 1 schedule of interviews.
| Week 1 On Site | Monday | Tuesday | Wednesday | Thursday | Friday |
|---|---|---|---|---|---|
| 0730 | Arrive on site | Arrive on site | Arrive on site | Arrive on site | Arrive on site |
| 0800 | Opening meeting | Tour of new technology center | Meeting with customer representative | Interview with server support | Meeting with customer representative |
| 0900 | Tour of campus | Interview with food services director | Interview with manager of technical services | Continued | Interview with facilities management |
| 1000 | Interview with chancellor s office | Continued | Meeting with customer representative | Continued | |
| 1100 | Continued | Interview with ... |