<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en" version="XHTML+RDFa 1.0" dir="ltr" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/terms/" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:og="http://ogp.me/ns#" xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#" xmlns:sioc="http://rdfs.org/sioc/ns#" xmlns:sioct="http://rdfs.org/sioc/types#" xmlns:skos="http://www.w3.org/2004/02/skos/core#" xmlns:xsd="http://www.w3.org/2001/XMLSchema#"> <head profile="http://www.w3.org/1999/xhtml/vocab"> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="Generator" content="Drupal 7 (http://drupal.org)" /> <link rel="canonical" href="/fas-internal-application-survey" /> <link rel="shortlink" href="/node/161" /> <link rel="shortcut icon" href="https://datasecurity.ucsf.edu/profiles/ucsf_b1gfoot/themes/ucsf_b1gfoot_theme/favicon.ico" type="image/vnd.microsoft.icon" /> <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1" /> <meta property="og:image" content="https://datasecurity.ucsf.edu/profiles/ucsf_b1gfoot/themes/ucsf_b1gfoot_theme/img/img-metatag.jpg" /> <meta property="og:image:width" content="940" /> <meta property="twitter:image" content="https://datasecurity.ucsf.edu/profiles/ucsf_b1gfoot/themes/ucsf_b1gfoot_theme/img/img-metatag.jpg" /> <meta property="twitter:card" content="summary" /> <meta property="og:site_name" content="FAS Data Security Compliance Program" /> <meta property="twitter:url" content="https://datasecurity.ucsf.edu/fas-internal-application-survey" /> <meta property="og:url" content="https://datasecurity.ucsf.edu/fas-internal-application-survey" /> <meta property="twitter:title" content="FAS Internal Application Survey | FAS Data Security Compliance Program" /> <meta property="og:title" content="FAS Internal Application Survey" /> <title>FAS Internal 
Application Survey | FAS Data Security Compliance Program</title> <link type="text/css" rel="stylesheet" href="https://datasecurity.ucsf.edu/sites/g/files/tkssra1931/f/css/css_kShW4RPmRstZ3SpIC-ZvVGNFVAi0WEMuCnI0ZkYIaFw.css" media="all" /> <link type="text/css" rel="stylesheet" href="https://datasecurity.ucsf.edu/sites/g/files/tkssra1931/f/css/css_jVP-avRIcwSWPF-1IJSmQT0nIFbNRJmb8lM03RkeKAY.css" media="all" /> <link type="text/css" rel="stylesheet" href="https://datasecurity.ucsf.edu/sites/g/files/tkssra1931/f/css/css_rV3Wod_e6ST6El0CA65NgFrvcFHnCpm1z0SGwM9reQg.css" media="all" /> <style type="text/css" media="all"> <!--/*--><![CDATA[/*><!--*/ .cke_toolgroup > .cke_button__quote{display:none}.cke_toolgroup > .cke_button__twocolumn{display:none}.cke_toolgroup > .cke_button__threecolumn{display:none}.cke_toolgroup > .cke_button__featuredcontent{display:none}.cke_toolgroup > .cke_button__collapseitem{display:none} /*]]>*/--> </style> <link type="text/css" rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/hopscotch/0.2.5/css/hopscotch.min.css" media="all" /> <link type="text/css" rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css" media="all" /> <link type="text/css" rel="stylesheet" href="https://datasecurity.ucsf.edu/sites/g/files/tkssra1931/f/css/css_-5KGL3kpG9BJtjhjan_sSs2LNKUh8DXr0FbFKbHMQxM.css" media="all" /> <link type="text/css" rel="stylesheet" href="https://datasecurity.ucsf.edu/sites/g/files/tkssra1931/f/css/css_47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU.css" media="print" /> <link type="text/css" rel="stylesheet" href="https://datasecurity.ucsf.edu/sites/g/files/tkssra1931/f/css/css_ApJ4vsstzpdaC9vzq_-8Klb3MFGflA25_mW2L7Z7vog.css" media="all" /> <script type="text/javascript" src="https://datasecurity.ucsf.edu/sites/g/files/tkssra1931/f/js/js_Pt6OpwTd6jcHLRIjrE-eSPLWMxWDkcyYrPTIrXDSON0.js"></script> <script type="text/javascript" 
src="https://datasecurity.ucsf.edu/sites/g/files/tkssra1931/f/js/js_onbE0n0cQY6KTDQtHO_E27UBymFC-RuqypZZ6Zxez-o.js"></script> <script type="text/javascript" src="https://datasecurity.ucsf.edu/sites/g/files/tkssra1931/f/js/js_gHk2gWJ_Qw_jU2qRiUmSl7d8oly1Cx7lQFrqcp3RXcI.js"></script> <script type="text/javascript" src="https://datasecurity.ucsf.edu/sites/g/files/tkssra1931/f/js/js_xe_uRFgIncjVWm4-Oa-ayIcSuU7G-5paEa2xC6Asbdg.js"></script> <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/hopscotch/0.2.5/js/hopscotch.min.js"></script> <script type="text/javascript" src="https://datasecurity.ucsf.edu/sites/g/files/tkssra1931/f/js/js_7PbaJTSu-LxJaTVbKUqW3Gf_NGEIE3gHP-pkSD63kK8.js"></script> <script type="text/javascript"> <!--//--><![CDATA[//><!-- var sliderSecondary ='slider-secondary-no-image';var sliderPrimary ='slider-no-image'; //--><!]]> </script> <script type="text/javascript" src="https://datasecurity.ucsf.edu/sites/g/files/tkssra1931/f/js/js_3KU2G0XuUwThidq7lpTBQghUO1g1ty4dEdv-co66Xqw.js"></script> <script type="text/javascript" src="https://datasecurity.ucsf.edu/sites/g/files/tkssra1931/f/js/js__pev76oqunwyHrozBOUwthVLhzUZgLLfKlmOonOmdkg.js"></script> <script type="text/javascript"> <!--//--><![CDATA[//><!-- jQuery.extend(Drupal.settings, 
{"basePath":"\/","pathPrefix":"","setHasJsCookie":0,"ajaxPageState":{"theme":"ucsf_b1gfoot_theme","theme_token":"6Q2AXRBI3iV49OSOVdIIjvLKWLp2VLZFExgodPrCVI0","js":{"profiles\/ucsf_b1gfoot\/modules\/contrib\/jquery_update\/replace\/jquery\/1.12\/jquery.min.js":1,"misc\/jquery-extend-3.4.0.js":1,"misc\/jquery-html-prefilter-3.5.0-backport.js":1,"misc\/jquery.once.js":1,"misc\/drupal.js":1,"profiles\/ucsf_b1gfoot\/modules\/contrib\/jquery_update\/js\/jquery_browser.js":1,"misc\/form-single-submit.js":1,"profiles\/ucsf_b1gfoot\/modules\/contrib\/entityreference\/js\/entityreference.js":1,"profiles\/ucsf_b1gfoot\/modules\/b1gfoot\/ucsf_b1gfoot_admin_menu\/js\/ucsf_b1gfoot_admin_menu.js":1,"profiles\/ucsf_b1gfoot\/modules\/b1gfoot\/ucsf_eds_profiles\/ucsf_eds_profiles_tweaks.js":1,"https:\/\/cdnjs.cloudflare.com\/ajax\/libs\/hopscotch\/0.2.5\/js\/hopscotch.min.js":1,"profiles\/ucsf_b1gfoot\/modules\/b1gfoot\/y3ti_help\/js\/y3ti_help.js":1,"0":1,"profiles\/ucsf_b1gfoot\/modules\/b1gfoot\/ucsf_b1gfoot_sitewizard\/js\/ucsf_b1gfoot_sitewizard.js":1,"profiles\/ucsf_b1gfoot\/themes\/ucsf_b1gfoot_theme\/js\/vendor\/slick\/slick.js":1,"profiles\/ucsf_b1gfoot\/themes\/ucsf_b1gfoot_theme\/js\/vendor\/icheck.min.js":1,"profiles\/ucsf_b1gfoot\/themes\/ucsf_b1gfoot_theme\/js\/build\/main.js":1,"profiles\/ucsf_b1gfoot\/themes\/ucsf_b1gfoot_theme\/js\/vendor\/responsive-nav\/responsive-nav.min.js":1,"profiles\/ucsf_b1gfoot\/themes\/ucsf_b1gfoot_theme\/js\/script.js":1},"css":{"modules\/system\/system.base.css":1,"modules\/system\/system.messages.css":1,"modules\/system\/system.theme.css":1,"modules\/aggregator\/aggregator.css":1,"modules\/book\/book.css":1,"modules\/comment\/comment.css":1,"modules\/field\/theme\/field.css":1,"modules\/node\/node.css":1,"modules\/search\/search.css":1,"modules\/user\/user.css":1,"profiles\/ucsf_b1gfoot\/modules\/contrib\/views\/css\/views.css":1,"profiles\/ucsf_b1gfoot\/modules\/contrib\/ckeditor\/css\/ckeditor.css":1,"profiles\/ucsf_b1gfoot\/modules\/c
ontrib\/ctools\/css\/ctools.css":1,"profiles\/ucsf_b1gfoot\/modules\/b1gfoot\/ucsf_b1gfoot_admin_menu\/css\/ucsf_b1gfoot_admin_menu.css":1,"profiles\/ucsf_b1gfoot\/modules\/b1gfoot\/ucsf_b1gfoot_sitewizard\/css\/ucsf_b1gfoot_sitewizard.css":1,"0":1,"https:\/\/cdnjs.cloudflare.com\/ajax\/libs\/hopscotch\/0.2.5\/css\/hopscotch.min.css":1,"https:\/\/maxcdn.bootstrapcdn.com\/font-awesome\/4.4.0\/css\/font-awesome.min.css":1,"profiles\/ucsf_b1gfoot\/themes\/ucsf_b1gfoot_theme\/js\/vendor\/slick\/slick.css":1,"profiles\/ucsf_b1gfoot\/themes\/ucsf_b1gfoot_theme\/css\/screen.css":1,"profiles\/ucsf_b1gfoot\/themes\/ucsf_b1gfoot_theme\/css\/print.css":1,"profiles\/ucsf_b1gfoot\/themes\/ucsf_b1gfoot_theme\/css\/colors\/primary\/primary-navy.css":1,"profiles\/ucsf_b1gfoot\/themes\/ucsf_b1gfoot_theme\/css\/colors\/secondary\/secondary-grey.css":1}},"urlIsAjaxTrusted":{"\/fas-internal-application-survey":true}}); //--><!]]> </script> </head> <body class="html not-front not-logged-in page-node page-node- page-node-161 node-type-page slider-secondary ucsf-b1gfoot font--header--helveticaneue slider-secondary-no-image profile--grid no-sidebar no-sidebar--right" > <div id="skip-link"> <a href="#main-content" class="element-invisible element-focusable">Skip to main content</a> </div> <div id="page-wrapper"> <div id="page"> <div class="ucsf-top-header row-full-width no-logo"> <div class="inside"> <ul class="menu"> <li class="first"><a href="https://www.ucsf.edu">University of California San Francisco</a></li> <li><a href="https://www.ucsfhealth.org/">UCSF Health</a></li> <li><a href="https://www.ucsf.edu/search" title="">Search UCSF</a></li> <li><a href="https://www.ucsf.edu/about">About UCSF</a></li> </ul> </div> </div> <div id="header" class="row-full-width"> <div class="inside clearfix"> <h1 id="site-name"> <a href="/" title="Home" rel="home"> FAS Data Security Compliance Program </a> </h1> <div class="region region-header"> <div id="block-search-form" class="block block-search"> 
<div class="content"> <form onsubmit="if(this.search_block_form.value=='Search'){ alert('Please enter a search'); return false; }" action="/fas-internal-application-survey" method="post" id="search-block-form" accept-charset="UTF-8"><div><div class="container-inline"> <h2 class="element-invisible">Search form</h2> <div class="form-item form-type-textfield form-item-search-block-form"> <label class="element-invisible" for="edit-search-block-form--2">Search... </label> <input title="Enter the terms you wish to search for." placeholder="Search..." class="text-input fa fa-search form-text" aria-hidden="" type="text" id="edit-search-block-form--2" name="search_block_form" value="" size="40" maxlength="128" /> </div> <div class="form-actions form-wrapper" id="edit-actions"><input type="submit" id="edit-submit" name="op" value="" class="form-submit" /></div><input type="hidden" name="form_build_id" value="form-5Dx2utqFLiEXdPP8XyiEwOfuRgH5Co86MHoLKW1jyvU" /> <input type="hidden" name="form_id" value="search_block_form" /> </div> </div></form> </div> </div> <div id="block-ucsf-b1gfoot-tweaks-header-socialmedia" class="block block-ucsf-b1gfoot-tweaks"> <div class="content"> <div class="nav-social"></div> </div> </div> <div id="block-menu-block-1" class="block block-menu-block"> <div class="content"> <div class="menu-block-wrapper menu-block-1 menu-name-main-menu parent-mlid-0 menu-level-1"> <ul class="menu"><li class="first leaf menu-mlid-1381"><a href="/">Home</a></li> <li class="expanded menu-mlid-1896"><a href="/about-fas-dscp">About</a><ul class="menu"><li class="first last leaf menu-mlid-1906"><a href="/dscp-meetings">DSCP Meetings</a></li> </ul></li> <li class="leaf menu-mlid-1796"><a href="/news">News</a></li> <li class="expanded active-trail active menu-mlid-3651"><a href="/fas-internal-application-survey" class="active-trail active">FAS Internal Application Survey</a><ul class="menu"><li class="first last leaf menu-mlid-3656"><a 
href="/dscp-risk-management-cycle">Dashboards</a></li> </ul></li> <li class="leaf menu-mlid-1901"><a href="/processes-procedures">Processes &amp; Procedures</a></li> <li class="leaf menu-mlid-3291"><a href="/reports">Reports</a></li> <li class="last expanded menu-mlid-2016"><a href="/resources">Resources</a><ul class="menu"><li class="first leaf menu-mlid-4696"><a href="/faq-fas-risk-assessment">FAQ for FAS Risk Assessment</a></li> <li class="last leaf menu-mlid-3246"><a href="/glossary-20">Glossary 2.0</a></li> </ul></li> </ul></div> </div> </div> </div> </div> </div> <div id="breadcrumb" class="row-full-width"><div class="inside"><h2 class="element-invisible">You are here</h2><div class="breadcrumb"><a href="/">Home</a> > <span class="breadcrumb-page-title">FAS Internal Application Survey</span></div></div></div> <h1 class="title" id="page-title">FAS Internal Application Survey</h1> <div class="content-top"> </div> <div id="main-wrapper"> <div id="main" class="clearfix"> <div id="content" class="column"> <div class="inside"> <a id="main-content"></a> <div class="tabs"></div> <div class="region region-content"> <div id="block-system-main" class="block block-system"> <div class="content"> <div id="node-161" class="node node-page slider-secondary clearfix" about="/fas-internal-application-survey" typeof="sioc:Item foaf:Document"> <span property="dc:title" content="FAS Internal Application Survey" class="rdf-meta element-hidden"></span><span property="sioc:num_replies" content="0" datatype="xsd:integer" class="rdf-meta element-hidden"></span> <div class="content"> <div class="field field-name-field-body field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"><h2>Objectives</h2> <p>1. Identify the risk level for each application (LOW, MEDIUM, HIGH)</p> <p>2. Identify the risk factors for each application (e.g. application does not lock users out after 25 minutes)</p> <p>3. Provide guidance on remediation of risks found (e.g. 
change the timeout to 25 minutes unless there is a business need to extend the time. Submit a security exception.)</p> <h2>How We Get There</h2> <p>During the March 2018 FAS DSCP Meeting, a plan was made to use the Inherent Risk Survey Tool (by IT Security) on all FAS applications outside of enterprise IT to create our risk profile. The Inherent Risk Survey Tool is the first step in a two-step process which culminates with the satisfactory resolution of any risks identified by the FAS Application Checklist. The Inherent Risk Survey Tool assigns ratings for applications based on the questions in the survey regarding data classification, user types, number of users and records, and architecture. This is a simple 6-question survey.</p> <p>The FAS Application Checklist is a deeper dive into an application. This checklist has been designed to efficiently analyze risk based on the data a system or application manages, to comply with regulatory requirements, to prioritize full risk assessment efforts, and to ensure that the right people are making informed decisions about risk and risk management. When the FAS Application Checklist is completed, security staff review it to determine where remediation could strengthen the application's security and lower its risk level. Security staff then work with the department using the application to resolve any problems. The Inherent Risk Survey Tool informs the security staff's remediation planning and ensures that problems are addressed as required by specific risk levels.</p> </div></div></div> </div> </div> </div> </div> </div> </div> </div> <div id="sidebar" class="column"> </div> </div></div> <div id="footer"> <div class="section"> <div class="region region-footer"> <div id="block-block-6" class="block block-block"> <div class="content"> <p style="text-align:center"><a href="https://datasecurity.ucsf.edu/content/report-new-application" target="_blank"><img alt="Click this image to report your application to the FAS DSCP." 
height="62" src="/sites/g/files/tkssra1931/f/wysiwyg/ReportYourApptoDSCP.png" width="500" /></a></p> </div> </div> </div> <div class="footer-bottom"> <nav aria-label="Footer Navigation" class="footer--navigation"> <ul> <li><a href="https://www.ucsf.edu/accessibility-resources">Accessibility</a></li> <li><a href="https://www.ucsf.edu/website-privacy-policy">Privacy Policy</a></li> <li><a href="https://websites.ucsf.edu/website-terms-use">Terms of Use </a></li> <li><a href="https://websites.ucsf.edu/azlist">A-Z Website List</a></li> </ul> </nav> <div class="footer--copyright"> <p>© 2024 The Regents of the University of California</p> </div> </div> </div> </div> </div> </div> <script type="text/javascript"> /*<![CDATA[*/ (function() { var sz = document.createElement('script'); sz.type = 'text/javascript'; sz.async = true; sz.src = '//siteimproveanalytics.com/js/siteanalyze_8343.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(sz, s); })(); /*]]>*/ </script> </body> </html>