-
Research
and Publications
Current Issue
March/April 2013
EDUCAUSE ReviewPublications
-
Conferences
and Events
Annual Conference
October 15–18, 2013
Save the date!Events for all Levels and Interests
Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.
-
Career
Development
EDUCAUSE Institute
Leadership/Management Programs
Explore MoreCareer Center
Leadership and Management Programs
EDUCAUSE Institute
Advanced Programs
Project Management
Jump Start Your Career Growth
Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.
-
Focus Areas
and InitiativesLatest Topics
EDUCAUSE organizes its efforts around three IT Focus Areas
Join These Programs If Your Focus Is
-
Connect
and ContributeFind Others
Get on the Higher Ed IT Map
Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
-
About
EDUCAUSE
Filter by type
Filter by Publications
Filter by Presentations
Filter by Library Taxonomy
- Data Security [x]
- Security Risk Assessment and Analysis [x]
- Cybersecurity (40)
- Security Management (40)
- Policy and Law (18)
- Information Technology Management and Leadership (15)
- Security Planning (13)
- Campus Policies (10)
- Campus Policy and Law (10)
- Federal Policy and Law (10)
- Network Security and Applications (9)
- Security Policies (9)
- Privacy (8)
- Risk Management (8)
- Security Awareness (8)
- Security Implementation (6)
- Cybersecurity Policy (5)
- Federal Privacy Law (5)
- Identity and Access Management (5)
- Identity Theft (4)
Resources Developed by the Higher Education Information Security Council (HEISC)
- Information Security Governance
- Information Security Governance Assessment Tool
- Information Security Risk Assessment Consultants List
- Information Security Risk Assessment Sample RFPs
- Risk Assessment Tools
- Risk Management Framework
Risk Analysis and Security Evaluation Tools
- Electronic Risk and Requirements Assessment (E-RA)
- CCTA (Central Computer and Telecommunications Agency) Risk Analysis and Management Method (CRAMM)
- Control Objectives for Information and related Technology (COBIT)
- NIST Recommended Security and Privacy Controls for Federal Information Systems and Organizations (SP 800-53)
- NIST's "An Overview of Issues in Testing Intrusion Detection Systems"
- Operationally Critical Threat, Asset, and Vulnerability EvaluationSM (OCTAVE)
- Security Targeting and Analysis of Risks (STAR)
Updated October 2012
Library Items on this Topic
EDUCAUSE Library Items for Security Risk Assessment and Analysis
-
Enterprise Risk Management in Higher Education: Implications for Enterprise IT - Sponsored by Kroll Advisory Solutions
-
April 17, 2013
|
A session at the Security Professionals Conference
Enterprise risk management (ERM) has matured as a discipline within higher education. Colleges and universities are subject to risks to their physical assets, people assets, and cyber assets. The i…
-
Bring Your Own Cloud: Data Management Challenges in a Click-Through World
-
April 17, 2013
|
A session at the Security Professionals Conference
Consumer cloud-based services are easy to set up, low cost, and familiar. It's understandable why clients would automatically turn to them for their data-storage needs. But what happens when…
-
Can Big Data Help Universities Tackle Security, BYOD?
-
July 31, 2012
Universities have some of the most complex IT infrastructures around, and BYOD is a reality they can't escape. Chief Security Officers at universities are increasingly turning to Big Data an…
-
Software-as-a-Service Email Security: Risk vs. Trust
-
May 31, 2012
Many organizations would be interested in treating e-mail as a commodity —cutting costs and resource investments by outsourcing it to a software as a service (SaaS) provider. However, …
-
Raising Awareness of Website Vulnerability: How to Protect Your University's Site from Threats
-
April 5, 2011
|
A session at the Security Professionals Conference 2011
As universities make the complete transition to a web-based interface, they must be aware of the constantly evolving strategies and attacks of hackers looking to exploit vulnerable websites. The im…
-
Seminar 01A - Our Shared Risk, Our Shared Responsibility: Learning to Prevent Confidential Data Loss PLEASE NOTE: Separate registration and fee are required to attend this seminar.
-
April 4, 2011
|
A session at the Security Professionals Conference 2011
The information security team at Texas State University has embarked on a strategic initiative to prevent confidential data leakage through a combination of endpoint protection, data loss preventio…
-
Sensitive Data and Public Systems: Free Tools and Tactical Approaches to Reduce Information Exposure Risk
-
April 5, 2011
|
A session at the Security Professionals Conference 2011
The growing number of public-facing university systems also leads to increased risk of potential disclosure of sensitive information. This session will explore pragmatic, technical approaches secur…
-
Ten Steps to Secure Your Copier or Multi-Function Device (MFD)
-
June 3, 2010
These resources have been gathered to specifically address concerns related to the security of sensitive information that may be stored on the hard drives of copiers, printers, or multi-function …
-
Finding Confidential Information on Compromised Computers
-
April 21, 2009
|
A session at the Security 2009
This presentation will cover the basic approach to examining a computer that has been compromised or infected in order to determine if there is confidential information on the computer, the infecti…
-
Unearthing Sensitive Data--Scaled to Your Institution
-
March 10, 2010
|
A session at the NERCOMP Annual Conference 2010
From small colleges to large universities, all institutions are swimming in an alphabet soup of regulations regarding information privacy and prevention of identity theft: 201 CMR 17, FERPA, HIPAA,…
