Resources Developed by the Higher Education Information Security Council (HEISC)
- Information Security Governance
- Information Security Governance Assessment Tool
- Information Security Risk Assessment Consultants List
- Information Security Risk Assessment Sample RFPs
- Risk Assessment Tools
- Risk Management Framework
Risk Analysis and Security Evaluation Tools
- Electronic Risk and Requirements Assessment (E-RA)
- CCTA (Central Computer and Telecommunications Agency) Risk Analysis and Management Method (CRAMM)
- Control Objectives for Information and related Technology (COBIT)
- NIST Recommended Security and Privacy Controls for Federal Information Systems and Organizations (SP 800-53)
- NIST's "An Overview of Issues in Testing Intrusion Detection Systems"
- Operationally Critical Threat, Asset, and Vulnerability Evaluation℠ (OCTAVE)
- Security Targeting and Analysis of Risks (STAR)
Updated October 2012
Library Items on this Topic
EDUCAUSE Library Items for Security Risk Assessment and Analysis
- 7 Things You Should Know About Cloud Security
  September 3, 2010
  Cloud computing promises to provide considerable benefits for colleges and universities, including increased reliability and flexibility, with lower or more transparent costs. At the same time, c…
- A Systematic, Comprehensive Approach to Information Security
  July 6, 2005
  Information security is a process of business risk management that must be performed on an ongoing basis. It is critical to take an approach to information security that examines the risks and s…
- A Unified Approach to Information Security Compliance
  January 1, 2006
  © 2006 M. Peter Adler EDUCAUSE Review, vol. 41, no. 5 (September/October 2006): 46–61 M. Peter Adler, JD, LLM, CISSP, CIPP, is the President of Adler InfoSec & Privacy Group LLC …
- Addressing Information Security Risk
  January 1, 2005
  Current Issues Addressing Information Security Risk A journey, not a destination, security work is never done—the challenges just keep coming By Mohammad H. Qayoumi and Carol Woo…
- Alternative IT Sourcing: A Discussion of Privacy, Security, and Risk
  July 21, 2011
  In this interview, three higher education privacy, security, and risk professionals discuss the common challenges and opportunities inherent in alternative IT sourcing. The sourcing of I…
- An Incremental Approach to Building an Information Security Program
  April 1, 2013
  Key Takeaways Constraints such as tight budgets, increased responsibilities, lack of resources or incentive, and disagreement on a common approach to information security pose ch…
- Can Big Data Help Universities Tackle Security, BYOD?
  July 31, 2012
  Universities have some of the most complex IT infrastructures around, and BYOD is a reality they can't escape. Chief Security Officers at universities are increasingly turning to Big Data an…
- Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI - Book Review
  August 29, 2007
  Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI Debra S. Herrmann Auerbach Publications, 2007 $119.95 (hardcover), 824 pp…
- Computer Incident Factor Analysis & Categorization (CIFAC) Project: EDUCAUSE Pilot
  January 1, 2004
  The CIFAC/Security Task Force project accomplished three main objectives: Complete analysis of current literature regarding description and categorization of incidents, Harmonize data from literatu…
- Computer Incident Factor Analysis and Categorization (CIFAC) Project Final Report, Volume II: Corporate and Not-for-Profit Sample
  January 1, 2006
  The Computer Incident Factor Analysis and Categorization (CIFAC) project received supplemental support from the National Science Foundation in late 2005, making it possible to expand the scope of th…