Resources Developed by the Higher Education Information Security Council (HEISC)
- Information Security Governance
- Information Security Governance Assessment Tool
- Information Security Risk Assessment Consultants List
- Information Security Risk Assessment Sample RFPs
- Risk Assessment Tools
- Risk Management Framework
Risk Analysis and Security Evaluation Tools
- Electronic Risk and Requirements Assessment (E-RA)
- CCTA (Central Computer and Telecommunications Agency) Risk Analysis and Management Method (CRAMM)
- Control Objectives for Information and related Technology (COBIT)
- NIST Recommended Security and Privacy Controls for Federal Information Systems and Organizations (SP 800-53)
- NIST's "An Overview of Issues in Testing Intrusion Detection Systems"
- Operationally Critical Threat, Asset, and Vulnerability Evaluation℠ (OCTAVE)
- Security Targeting and Analysis of Risks (STAR)
Updated October 2012
Library Items on this Topic
EDUCAUSE Library Items for Security Risk Assessment and Analysis
- Can Big Data Help Universities Tackle Security, BYOD?
  July 31, 2012
  Universities have some of the most complex IT infrastructures around, and BYOD is a reality they can't escape. Chief Security Officers at universities are increasingly turning to Big Data an…
- Guide to Enterprise Telework and Remote Access Security (SP 800-46 Revision 1)
  June 4, 2009
  Many organizations’ employees and contractors use enterprise telework technologies to perform work from external locations. Most teleworkers use remote access technologies to interface with an…
- Ten Steps to Secure Your Copier or Multi-Function Device (MFD)
  June 3, 2010
  These resources have been gathered to specifically address concerns related to the security of sensitive information that may be stored on the hard drives of copiers, printers, or multi-function …
- Risk Management and Cyber Insurance
  October 7, 2007
  The Internet has radically changed the way business (work and personal) is carried out. However, vulnerabilities are pervasive resulting in exposure of organizations and firms to a wide array of …
- Cyber-Insurance Revisited
  January 5, 2005
  Cyber-insurance is considered as appropriate means to absorb financial losses caused by computer security breaches. Since insurance markets at the same time create incentives to construct more se…
- Risk Assessment Standards Toolkit: Practical Guidance in Implementing Statements on Auditing Standards 104 Through 111
  May 21, 2009
  In March 2008, Cynthia Pierce and Stuart Miller co-presented a NACUBO Webcast titled "Understanding the Risk Assessment Audit Standards," referring to Statements on Auditing Standards 1…
- Directions in Security Metrics Research
  August 20, 2009
  More than 100 years ago, Lord Kelvin insightfully observed that measurement is vital to deep knowledge and understanding in physical science. During the last few decades, researchers have made va…
- Why File Sharing Networks Are Dangerous
  September 10, 2007
  In this paper the authors analyze P2P security issues, establishing vulnerabilities that software clients represent. The authors go on to present experimental evidence of the risk through honeyp…
- Computer Incident Factor Analysis and Categorization (CIFAC) Project Final Report, Volume II: Corporate and Not-for-Profit Sample
  January 1, 2006
  The Computer Incident Factor Analysis and Categorization (CIFAC) project received supplemental support from the National Science Foundation in late 2005, making it possible to expand the scope of th…
- Incident Response at UT Austin
  January 1, 2006
  An interview with VP for IT Dan Updegrove. The recent break-in to an administrative database at the McCombs School of Business at UT Austin (TX), discovered April 21, 2006, may have compromised the…

















