Resources Developed by the Higher Education Information Security Council (HEISC)
- Information Security Governance
- Information Security Governance Assessment Tool
- Information Security Risk Assessment Consultants List
- Information Security Risk Assessment Sample RFPs
- Risk Assessment Tools
- Risk Management Framework
Risk Analysis and Security Evaluation Tools
- Electronic Risk and Requirements Assessment (E-RA)
- CCTA (Central Computer and Telecommunications Agency) Risk Analysis and Management Method (CRAMM)
- Control Objectives for Information and related Technology (COBIT)
- NIST Recommended Security and Privacy Controls for Federal Information Systems and Organizations (SP 800-53)
- NIST's "An Overview of Issues in Testing Intrusion Detection Systems"
- Operationally Critical Threat, Asset, and Vulnerability Evaluation℠ (OCTAVE)
- Security Targeting and Analysis of Risks (STAR)
Updated October 2012
Library Items on this Topic
EDUCAUSE Library Items for Security Risk Assessment and Analysis
- Information Security Program Assessment Tool
  April 15, 2013
  This self-assessment tool was created to evaluate the maturity of higher education information security programs using as a framework the International Organization for Standardization (ISO) 2700…
- Guide to Enterprise Telework and Remote Access Security (SP 800-46 Revision 1)
  June 4, 2009
  Many organizations’ employees and contractors use enterprise telework technologies to perform work from external locations. Most teleworkers use remote access technologies to interface with an…
- The Journey to a Successful Risk Assessment: One Strategy Unveiled
  February 19, 2010 | A session at the EDUCAUSE Southwest Regional Conference 2010
  A sound risk assessment process is one of the building blocks of a maturing information security program. Join the IT Security Team from Texas State University as they reveal the process and proced…
- Compliance Assessment Template
  September 24, 2008
  This sample Harvard University questionnaire is designed to assist people in understanding if the setup and operation of their systems are in compliance with the Harvard Enterprise Information …
- Security and Privacy Lightning Round
  October 30, 2008 | A session at the EDUCAUSE 2008 Annual Conference
  Authenticated Guest Wireless Access: Simplicity and Security. Christopher Keslar, University of Pittsburgh. The need for guest access is growing as more campuses provide wireless coverage. Th…
- Information Security Governance: Standardizing the Practice of Information Security
  August 19, 2008
  This ECAR research bulletin discusses the trend to use a variety of risk assessment frameworks and standards to create an information security program that is sufficiently comprehensive for colle…
- IT Security Officer Survey
  April 9, 2008
  This April 2008 survey is a critical component of the EDUCAUSE Center on Applied Research (ECAR) study of information security officers in higher education. It seeks to understand the important c…
- Managing IT Risk in Higher Education: A Methodology
  March 18, 2008
  This research bulletin presents a methodology, used successfully at the University of Technology, Sydney (UTS) in Australia, for managing and assessing risks related to information technology sys…
- GSU's Roadmap for a World-Class Information Security Management System: ISO 27001:2005
  October 24, 2007 | A session at the EDUCAUSE 2007 Annual Conference
  Georgia State University is one of the first universities to embrace the ISO 27001:2005 standard for establishing an information security management system (ISMS). A systematic and disciplined appr…
- IT Security Risk Assessment
  June 11, 2007
  This standard defines a methodology and an assessment process for quantifying security risks in the IT environment. This standard defines a metho…

















