The Security and Privacy Impact Assessment (SPIA) is a University wide initiative sponsored by the Office of Audit Compliance and Privacy along with Information Systems and Computing aimed at identifying and protecting personal and confidential information across the University. The School of Arts and Sciences has implemented SPIA as part of the wider University effort in order to ensure policy compliance and help protect SAS data.

Staff

The SPIA process is being driven by the SAS SPIA Ninjas, a dedicated team of staff trained in the SPIA process. The SPIA Ninjas help guide departments, centers, and organizations through the SPIA process. The SPIA Ninjas are:

• Taryn Kutish
• Elizabeth Scheyder
• Ben Sykora
• Jay Treat
• Sherry Weller
• Dan Yoshida
• Amy Zoll

The SPIA coordinators for SAS are Christine Brisson, Justin Klein Keane, and Warren Petrofsky of the SAS Informrmation Security and Unix Services (ISUS) group.

Purpose

The SPIA process is designed to identify key areas of vulnerability to information resources as SAS . These areas include exposure of sensitive information, business continuity processes such as backups, deficiencies in physical security and other similar concerns. SPIA is merely a reporting process, however, and does not involve blame, or solutions. In many cases the Ninjas may be able to provide guidance with respect to certain security applications, but the main purpose of SPIA is to collect information. Once SAS has a complete picture of our data, process, and information landscape, compiled from SPIA reports, an executive summary is produced. In this executive summary we aim to identify problem areas and propose solutions in an effort to best maximize and direct resources toward the areas that most need attention. In this manner, SPIA is designed to secure resources to address the most pressing concerns of the School as a whole. For this reason, everyone should be as free and forthcoming about their unique organizational situation and challenges to that SPIA can best identify the ways in which the School can serve your needs.

About the SPIA Process

SPIA involves an audit and assessment which the Ninjas complete after interviews with principles in subject areas. SPIA Ninjas perform outreach to new areas in an attempt to gather all the relevant information to complete these audits and assessments. Note that while the SPIA process may involve some discovery on your part, the process is designed to be handled by the SPIA Ninjas to present a minimally invasive experience.