-
Research
and Publications
Current Issue
May/June 2013
EDUCAUSE ReviewPublications
-
Conferences
and Events
Annual Conference
October 15–18, 2013
Register now!Events for all Levels and Interests
Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.
-
Career
Development
EDUCAUSE Institute
Leadership/Management Programs
Explore MoreCareer Center
Leadership and Management Programs
EDUCAUSE Institute
Advanced Programs
Project Management
Jump Start Your Career Growth
Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.
-
Focus Areas
and InitiativesLatest Topics
EDUCAUSE organizes its efforts around three IT Focus Areas
Join These Programs If Your Focus Is
-
Connect
and ContributeFind Others
Get on the Higher Ed IT Map
Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
-
About
EDUCAUSE
Filter by type
- Podcasts (6)
- Blogs (6)
- Articles, Briefs, Papers, and Reports (47)
- Blogs and Wikis (2)
- Certification, Education, Training and Tutorials (3)
- Effective Practices (7)
- Government Documents, Laws, Testimonies or Reports (2)
- Plans and Guidelines (7)
- Policies and Procedures (1)
- Presentations and Seminars (99)
- Programs and Projects (1)
- RFPs (1)
- Surveys (2)
- Tools (8)
- Vendors (1)
Filter by Publications
Filter by Presentations
Filter by Library Taxonomy
- Security Risk Assessment and Analysis [x]
- Cybersecurity (194)
- Security Management (194)
- Information Technology Management and Leadership (81)
- Policy and Law (57)
- Network Security and Applications (48)
- Risk Management (42)
- Data Security (41)
- Campus Policy and Law (37)
- Campus Policies (36)
- Security Planning (34)
- Security Policies (34)
- Security Awareness (30)
- Incident Handling and Response (28)
- Federal Policy and Law (27)
- Identity and Access Management (22)
- Security Implementation (20)
- Cybersecurity Policy (15)
- Network Vulnerability Assessment (14)
- Planning (14)
Resources Developed by the Higher Education Information Security Council (HEISC)
- Information Security Governance
- Information Security Governance Assessment Tool
- Information Security Risk Assessment Consultants List
- Information Security Risk Assessment Sample RFPs
- Risk Assessment Tools
- Risk Management Framework
Risk Analysis and Security Evaluation Tools
- Electronic Risk and Requirements Assessment (E-RA)
- CCTA (Central Computer and Telecommunications Agency) Risk Analysis and Management Method (CRAMM)
- Control Objectives for Information and related Technology (COBIT)
- NIST Recommended Security and Privacy Controls for Federal Information Systems and Organizations (SP 800-53)
- NIST's "An Overview of Issues in Testing Intrusion Detection Systems"
- Operationally Critical Threat, Asset, and Vulnerability EvaluationSM (OCTAVE)
- Security Targeting and Analysis of Risks (STAR)
Updated October 2012
Library Items on this Topic
EDUCAUSE Library Items for Security Risk Assessment and Analysis
-
Security Risk Assessment and Analysis
-
Security Risk Assessment and Analysis True Resources Deve…
-
Information Security
-
June 14, 2013
This Spotlight focuses on data from the 2012 Core Data Service (CDS) to better understand how higher education institutions approach information security activities. Information provided …
-
Information Security Program Assessment Tool
-
April 15, 2013
This self-assessment tool was created to evaluate the maturity of higher education information security programs using as a framework the International Organization for Standardization (ISO) 2700…
-
An Incremental Approach to Building an Information Security Program
-
April 1, 2013
Key Takeaways Constraints such as tight budgets, increased responsibilities, lack of resources or incentive, and disagreement on a common approach to information security pose ch…
-
NIST Posts Initial Analysis of Comments on Cybersecurity Framework
-
May 21, 2013
The National Institute of Standards and Technology (NIST) announced that it has prepared an initial analysis of hundreds of comments submitted by industry and the public related to the P…
-
A Model for Today: Partnering with Industry to Enhance Institutional Information Security Capabilities
-
April 16, 2013
|
A session at the Security Professionals Conference
Many academic organizations are facing the same problems: an aging decentralized computing infrastructure, growing use of mobile devices, increasing use of network resources, and ever-present exter…
-
Enterprise Risk Management in Higher Education: Implications for Enterprise IT - Sponsored by Kroll Advisory Solutions
-
April 17, 2013
|
A session at the Security Professionals Conference
Enterprise risk management (ERM) has matured as a discipline within higher education. Colleges and universities are subject to risks to their physical assets, people assets, and cyber assets. The i…
-
Lessons Learned in Managing IT Risk
-
April 17, 2013
|
A session at the Security Professionals Conference
This session will cover "understanding risk": what IT risk is, where it comes from, and what we can do about it. We'll also present a model that can be used for evaluating risk respo…
-
Bring Your Own Cloud: Data Management Challenges in a Click-Through World
-
April 17, 2013
|
A session at the Security Professionals Conference
Consumer cloud-based services are easy to set up, low cost, and familiar. It's understandable why clients would automatically turn to them for their data-storage needs. But what happens when…
-
How to Think Like a Risk Manager
-
April 17, 2013
|
A session at the Security Professionals Conference
Having heard the enterprise risk management (ERM) panel, you are now wondering what is going on in the risk management department across the street from your office, how they view you and your issu…
