Abstract
Carnegie Mellon University provides a security risk-management methodology that can be tailored easily to meet the demands of the National Strategy to Secure Cyberspace for higher education. Using a self-directed process, information security risks are assessed and mitigation plans developed based on best practices built from CERT vulnerability expertise and broad industry experience.