-
Research
and Publications
Current Issue
May/June 2013
EDUCAUSE ReviewPublications
-
Conferences
and Events
Annual Conference
October 15–18, 2013
Register now!Events for all Levels and Interests
Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.
-
Career
Development
EDUCAUSE Institute
Leadership/Management Programs
Explore MoreCareer Center
Leadership and Management Programs
EDUCAUSE Institute
Advanced Programs
Project Management
Jump Start Your Career Growth
Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.
-
Focus Areas
and InitiativesLatest Topics
EDUCAUSE organizes its efforts around three IT Focus Areas
Join These Programs If Your Focus Is
-
Connect
and ContributeFind Others
Get on the Higher Ed IT Map
Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
-
About
EDUCAUSE
Filter by type
- Podcasts (3)
- Blogs (2)
- Articles, Briefs, Papers, and Reports (23)
- Certification, Education, Training and Tutorials (1)
- Effective Practices (1)
- Government Documents, Laws, Testimonies or Reports (1)
- Plans and Guidelines (4)
- Presentations and Seminars (36)
- Programs and Projects (1)
- Surveys (2)
- Tools (6)
- Vendors (1)
Filter by Publications
Filter by Presentations
Filter by Library Taxonomy
- Information Technology Management and Leadership [x]
- Security Risk Assessment and Analysis [x]
- Cybersecurity (81)
- Security Management (81)
- Risk Management (42)
- Policy and Law (21)
- Data Security (16)
- Security Planning (16)
- Campus Policy and Law (14)
- Planning (14)
- Campus Policies (13)
- Security Policies (13)
- Identity and Access Management (11)
- Federal Policy and Law (10)
- Incident Handling and Response (8)
- Institutional Management (8)
- Network Security and Applications (8)
- Security Implementation (8)
- Business Continuity (6)
- Staffing (6)
Resources Developed by the Higher Education Information Security Council (HEISC)
- Information Security Governance
- Information Security Governance Assessment Tool
- Information Security Risk Assessment Consultants List
- Information Security Risk Assessment Sample RFPs
- Risk Assessment Tools
- Risk Management Framework
Risk Analysis and Security Evaluation Tools
- Electronic Risk and Requirements Assessment (E-RA)
- CCTA (Central Computer and Telecommunications Agency) Risk Analysis and Management Method (CRAMM)
- Control Objectives for Information and related Technology (COBIT)
- NIST Recommended Security and Privacy Controls for Federal Information Systems and Organizations (SP 800-53)
- NIST's "An Overview of Issues in Testing Intrusion Detection Systems"
- Operationally Critical Threat, Asset, and Vulnerability EvaluationSM (OCTAVE)
- Security Targeting and Analysis of Risks (STAR)
Updated October 2012
Library Items on this Topic
EDUCAUSE Library Items for Security Risk Assessment and Analysis
-
Software-as-a-Service Email Security: Risk vs. Trust
-
May 31, 2012
Many organizations would be interested in treating e-mail as a commodity —cutting costs and resource investments by outsourcing it to a software as a service (SaaS) provider. However, …
-
Governance, Risk, and Compliance Systems in Higher Education
-
May 16, 2012
|
A session at the Security Professionals Conference 2012
GRC (governance, risk, and compliance) systems are integrated applications that help automate the policy development and dissemination process; the tracking of requirements of law, regulations, s…
-
Alternative IT Sourcing: A Discussion of Privacy, Security, and Risk
-
July 21, 2011
In this interview, three higher education privacy, security, and risk professionals discuss the common challenges and opportunities inherent in alternative IT sourcing. The sourcing of I…
-
Practical Approaches to Effective Risk Management
-
October 20, 2011
|
A session at the EDUCAUSE 2011 Annual Conference
Make the transition from a reactive to proactive security program. Most security experts agree that risk management is fundamental to effective information security. In this interactive seminar, le…
-
Do They Measure Up? Assessing the Security Posture of Third-Party Service Providers
-
April 5, 2011
|
A session at the Security Professionals Conference 2011
In these days of outsourcing, SaaS, and clouds, higher education is increasingly turning to third parties to host institution-owned data to gain efficiencies and reduce cost. But how do we assess t…
-
Proactive Compliance Through Information Systems Risk Management
-
January 12, 2011
|
A session at the Mid-Atlantic Regional Conference 2011
Moving compliance from a reactive approach to a proactive approach does not occur overnight. It is a journey with many opportunities for failure or success. Compliance can be obtained proactively…
-
7 Things You Should Know About Cloud Security
-
September 3, 2010
Cloud computing promises to provide considerable benefits for colleges and universities, including increased reliability and flexibility, with lower or more transparent costs. At the same time, c…
-
IdM/IAM and Remote Student Services: Risk Assessment and Identity Management Practices
-
October 15, 2010
|
A session at the EDUCAUSE 2010 Annual Conference
Most campuses offer personalized remote services; some are considering remote identity proofing practices to support higher security access, but all must assess the institutional risk and level of …
-
Foundations for Effective Security Risk and Program Assessment
-
April 13, 2010
|
A session at the Security 2010
How does an institution assess the risks and effectiveness of something as multifaceted and complex as its risk management and information security programs? An assessment methodology must be valid…
-
Taking Risk Assessment from Project to Process: A Novel Approach
-
April 13, 2010
|
A session at the Security 2010
Although risk assessment is essential to properly set security strategy for effective protection of sensitive information assets, this type of project can be resource intensive and budget unfriendl…
