Problems Caused by Security Breakdowns
  • Loss of current and future gift revenue.
  • Damage to an institution's reputation.
  • Loss in donor and constituent confidence in the institution.
  • Public scrutiny and the need for external audits.
  • Lawsuits against the institution for exposing individual and corporate data.
  • Loss of morale if systems are down on a regular basis because of security breaches.

Risk Management Assessment

The first step in reviewing security is to do a risk management assessment and inventory to determine where security improvements and changes are needed.

Some items a risk assessment inventory should include:

  • List of assets and cost of replacement for both systems and data assets of all types.
  • Estimation of downtime and cost caused by security breaches such as virus attacks and corruption of files.
  • What contingency plans exist for a system failure and the cost of replacing an entire system or having a hot swappable backup environment.
  • Estimation of costs for a complete disaster and recovery plan.
  • Where the sources and points of risk exist and the cost for improving and plugging these holes.
  • A weighting and scoring system for the different types of security risks. You want to think about the 80/20 rule, and deal with the most important threats first.
  • Include other information that you might not normally consider such as donor profiles, spreadsheets with budgets for development, development travel records, event budgets. Many of these items are a normal part of the development process, but could cause bad publicity for an organization because the reasons for the expenditure of money in these areas may not be well understood.
  • Where are salaries and other confidential human resource information stored and who has access to these records?
  • Where are offsite backups kept, are they password protected and is there an adequate separation of duties between the administrators of the system and the backup operators?
  • Extend the risk assessment to other assets such as mobile devices, laptops and home computers.
  • Include human resource policies such as background and credit checks for employees, comprehensive reference checking and in some cases ensuring employees are bonded.
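One way to build the weighting and scoring system from the inventory items above, as an added example that is not part of the original page. The scoring formula (weight × incidents per year × (replacement cost + downtime cost)), the 80% cutoff and every figure in the register are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class Risk:
    name: str
    replacement_cost: float    # cost to replace the system or data asset
    downtime_cost: float       # estimated cost of downtime per incident
    incidents_per_year: float  # estimated likelihood (assumed input)
    weight: float = 1.0        # institutional weighting, e.g. reputational harm

    @property
    def exposure(self) -> float:
        # Weighted annual expected loss (assumed scoring formula).
        return self.weight * self.incidents_per_year * (
            self.replacement_cost + self.downtime_cost)

def prioritize(risks, coverage=0.80):
    """Rank risks by exposure and return (ranked, top), where `top` is the
    shortest leading run that accounts for `coverage` of total exposure."""
    ranked = sorted(risks, key=lambda r: r.exposure, reverse=True)
    total = sum(r.exposure for r in ranked)
    top, running = [], 0.0
    for r in ranked:
        if running >= coverage * total:
            break
        top.append(r)
        running += r.exposure
    return ranked, top

# Constructed sample register; names echo items from the inventory list.
REGISTER = [
    Risk("Offsite backup lost", 500, 0, 0.25, weight=2.0),
    Risk("Virus outbreak on staff PCs", 2_000, 8_000, 2.0),
    Risk("Hard copy reports not destroyed", 0, 1_000, 0.5),
    Risk("Donor database breach", 50_000, 20_000, 0.125, weight=3.0),
    Risk("Shadow database leak", 0, 3_000, 0.25, weight=2.0),
    Risk("Lost laptop with donor profiles", 1_500, 500, 0.5, weight=2.0),
]

if __name__ == "__main__":
    ranked, top = prioritize(REGISTER)
    total = sum(r.exposure for r in ranked)
    for r in ranked:
        flag = "FIRST" if r in top else "later"
        print(f"{flag:5}  {r.exposure:>10,.0f}  {r.exposure / total:6.1%}  {r.name}")
```

In this constructed register, two of the six risks carry more than 80% of the total exposure, which is the pattern the 80/20 rule tells you to look for before spending on the rest.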

Risk assessment should not only include computers and computer systems, but also items such as central files, hard copy reports, data backup and recovery strategies, who has access to information, record retention and destruction policies and procedures, off site storage facilities, shadow databases and more.

Support and IT staff need to be continually improving their capabilities to get more payback from information technology, and if there are breaches, this lowers the payback.

The complexity of your environment and the sophistication of your systems also create a tradeoff in security.

The more complex, the more sophisticated and the more distributed, the more difficult it is to lock down your environment.

  • Computer Security Institute
  • FIRST - Forum of Incident Response and Security Teams
  • Industry Canada - Online Security and Privacy Guide
  • Microsoft - Baseline Security Analysis Tool, newsletters and other tools. Free seminars.
  • National Cyber Security Partnership - Public private partnership to make cyberspace more secure.
  • PC Magazine Utilities - A number of free tools such as spyware detectors.
  • Software Engineering Institute - Papers
  • Threats and Countermeasures - From Microsoft. A free 900+ page document on improving web security.

Sites with privacy legislation, policies and procedures:
  • AFP Toronto Chapter
  • AFP Canadian Public Policy on Privacy
  • Australian Government Privacy Office
  • CASE - Foundation Independence and Donor Privacy
  • Canadian Department of Justice Policy on Access to Information and Privacy
  • Direct Marketing Association. Privacy policy generator.
  • Information and Privacy Commissioner of Ontario (IPC) Web site
  • Ontario's Consultation on Privacy Protection
  • Privacy Commissioner of British Columbia
  • Privacy Commissioner of Canada
  • PrivacyInfo.ca
  • Privacy is Your Business from CIO
  • Privacy Rights Clearinghouse

On this site:
Data Backup and Recovery Strategies
Democracy and Responsibility. Additional security considerations given break-ins and compromises of higher ed data.
Employment Pages. Confidentiality agreements.
Privacy Architecture
Privacy Audit Questionnaire
Privacy Policy Statement
Privacy Principles
Privacy Recommendations
Releasing Alumni Information
Security Survey
Shadow Databases
