-
Research
and Publications
Current Issue
May/June 2013
EDUCAUSE ReviewPublications
-
Conferences
and Events
Annual Conference
October 15–18, 2013
Register now!Events for all Levels and Interests
Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.
-
Career
Development
EDUCAUSE Institute
Leadership/Management Programs
Explore MoreCareer Center
Leadership and Management Programs
EDUCAUSE Institute
Advanced Programs
Project Management
Jump Start Your Career Growth
Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.
-
Focus Areas
and InitiativesLatest Topics
EDUCAUSE organizes its efforts around three IT Focus Areas
Join These Programs If Your Focus Is
-
Connect
and ContributeFind Others
Get on the Higher Ed IT Map
Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
-
About
EDUCAUSE
Filter by type
- Podcasts (6)
- Blogs (6)
- Articles, Briefs, Papers, and Reports (47)
- Blogs and Wikis (2)
- Certification, Education, Training and Tutorials (3)
- Effective Practices (7)
- Government Documents, Laws, Testimonies or Reports (2)
- Plans and Guidelines (7)
- Policies and Procedures (1)
- Presentations and Seminars (99)
- Programs and Projects (1)
- RFPs (1)
- Surveys (2)
- Tools (8)
- Vendors (1)
Filter by Publications
Filter by Presentations
Filter by Library Taxonomy
- Security Risk Assessment and Analysis [x]
- Cybersecurity (194)
- Security Management (194)
- Information Technology Management and Leadership (81)
- Policy and Law (57)
- Network Security and Applications (48)
- Risk Management (42)
- Data Security (41)
- Campus Policy and Law (37)
- Campus Policies (36)
- Security Planning (34)
- Security Policies (34)
- Security Awareness (30)
- Incident Handling and Response (28)
- Federal Policy and Law (27)
- Identity and Access Management (22)
- Security Implementation (20)
- Cybersecurity Policy (15)
- Network Vulnerability Assessment (14)
- Planning (14)
Resources Developed by the Higher Education Information Security Council (HEISC)
- Information Security Governance
- Information Security Governance Assessment Tool
- Information Security Risk Assessment Consultants List
- Information Security Risk Assessment Sample RFPs
- Risk Assessment Tools
- Risk Management Framework
Risk Analysis and Security Evaluation Tools
- Electronic Risk and Requirements Assessment (E-RA)
- CCTA (Central Computer and Telecommunications Agency) Risk Analysis and Management Method (CRAMM)
- Control Objectives for Information and related Technology (COBIT)
- NIST Recommended Security and Privacy Controls for Federal Information Systems and Organizations (SP 800-53)
- NIST's "An Overview of Issues in Testing Intrusion Detection Systems"
- Operationally Critical Threat, Asset, and Vulnerability EvaluationSM (OCTAVE)
- Security Targeting and Analysis of Risks (STAR)
Updated October 2012
Library Items on this Topic
EDUCAUSE Library Items for Security Risk Assessment and Analysis
-
Security Assessments for Information Technology
-
October 20, 2005
|
A session at the EDUCAUSE 2005 Annual Conference
Baylor University recently conducted a campus-wide information technology security assessment. The session will present the assessment process, from choosing a consultant to remediation of the asse…
-
Data Incident Notification Toolkit
-
January 1, 2005
The Data Incident Notification Toolkit includes resources that cover a range of issues that commonly arise in the heat of the moment when responding to data incidents. If your institution has a d…
-
Emerging Cybersecurity Issues Threaten Federal
Information Systems
-
January 1, 2005
Federal agencies are facing a set of emerging cybersecurity threats that are the result of increasingly sophisticated methods of attack and the blending of once distinct types of attack into more c…
-
A Systematic, Comprehensive Approach to Information Security
-
July 6, 2005
Information security is a process of business risk management that must be performed on an ongoing basis. It is critical to take an approach to information security that examines the risks and s…
-
Lessons Learned in the Establishment of a Vulnerability Assessment Program
-
June 8, 2005
|
A session at the EDUCAUSE Southeast Regional Conference 2005
Proactive security assessments provide considerable value to educational institutions, yet several key elements are required to implement a successful program. Representatives from the University o…
-
Citadel Security Software - Are You Vulnerable?
-
April 27, 2005
|
A session at the EDUCAUSE Western Regional Conference 2005
This presentation introduces a best-practices approach to implementing a full life-cycle vulnerability management process to ensure the highest level of security and policy compliance on campus. At…
-
The “Zen” of Risk Assessment
-
January 1, 2005
Good Ideas The "Zen" of Risk Assessment The time and resources needed for proper risk assessment can be mitigated and the benefits magnified by making assessment an ongoing, rule-…
-
What Does Privacy Have to Do with IT? Privacy Risk Assessment
-
April 4, 2005
|
A session at the Security 2005
Privacy and security measures complement each other, and a sound security program incorporates privacy law and regulatory requirements into its policies, procedures, and protocols. This session pro…
-
SEM01P - Ways to Fit Security Risk Management to Your Environment Using the OCTAVE Methodology PLEASE NOTE: Separate registration and fee are required to attend this seminar.
-
April 3, 2005
|
A session at the Security 2005
This tutorial provides insight into the flexibility and applicability of the Operationally Critical Threat, Asset, Vulnerability Evaluation (OCTAVE) methodology for security risk management in high…
-
SunGard Collegis Inc. - Spooks in the Machine: Proactive Strategies for Securing Your Network
-
April 5, 2005
|
A session at the Security 2005
With the rise of spam, spyware, and viruses, the push is on to develop strategies to better protect our institutions. From aligning security goals with institutional objectives, to security assessm…
