-
Research
and Publications
Current Issue
March/April 2013
EDUCAUSE ReviewPublications
-
Conferences
and Events
Annual Conference
October 15–18, 2013
Save the date!Events for all Levels and Interests
Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.
-
Career
Development
EDUCAUSE Institute
Leadership/Management Programs
Explore MoreCareer Center
Leadership and Management Programs
EDUCAUSE Institute
Advanced Programs
Project Management
Jump Start Your Career Growth
Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.
-
Focus Areas
and InitiativesLatest Topics
EDUCAUSE organizes its efforts around three IT Focus Areas
Join These Programs If Your Focus Is
-
Connect
and ContributeFind Others
Get on the Higher Ed IT Map
Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
-
About
EDUCAUSE
Filter by type
- Podcasts (6)
- Blogs (5)
- Articles, Briefs, Papers, and Reports (46)
- Blogs and Wikis (2)
- Certification, Education, Training and Tutorials (3)
- Effective Practices (7)
- Government Documents, Laws, Testimonies or Reports (2)
- Plans and Guidelines (7)
- Policies and Procedures (1)
- Presentations and Seminars (95)
- Programs and Projects (1)
- RFPs (1)
- Surveys (2)
- Tools (8)
- Vendors (1)
Filter by Publications
Filter by Presentations
Filter by Library Taxonomy
- Security Risk Assessment and Analysis [x]
- Cybersecurity (188)
- Security Management (188)
- Information Technology Management and Leadership (76)
- Policy and Law (57)
- Network Security and Applications (47)
- Risk Management (40)
- Data Security (38)
- Campus Policy and Law (37)
- Campus Policies (36)
- Security Planning (34)
- Security Policies (34)
- Security Awareness (30)
- Incident Handling and Response (28)
- Federal Policy and Law (27)
- Identity and Access Management (22)
- Security Implementation (20)
- Cybersecurity Policy (15)
- Network Vulnerability Assessment (14)
- Planning (13)
Resources Developed by the Higher Education Information Security Council (HEISC)
- Information Security Governance
- Information Security Governance Assessment Tool
- Information Security Risk Assessment Consultants List
- Information Security Risk Assessment Sample RFPs
- Risk Assessment Tools
- Risk Management Framework
Risk Analysis and Security Evaluation Tools
- Electronic Risk and Requirements Assessment (E-RA)
- CCTA (Central Computer and Telecommunications Agency) Risk Analysis and Management Method (CRAMM)
- Control Objectives for Information and related Technology (COBIT)
- NIST Recommended Security and Privacy Controls for Federal Information Systems and Organizations (SP 800-53)
- NIST's "An Overview of Issues in Testing Intrusion Detection Systems"
- Operationally Critical Threat, Asset, and Vulnerability EvaluationSM (OCTAVE)
- Security Targeting and Analysis of Risks (STAR)
Updated October 2012
Library Items on this Topic
EDUCAUSE Library Items for Security Risk Assessment and Analysis
-
IdM/IAM and Remote Student Services: Risk Assessment and Identity Management Practices
-
October 15, 2010
|
A session at the EDUCAUSE 2010 Annual Conference
Most campuses offer personalized remote services; some are considering remote identity proofing practices to support higher security access, but all must assess the institutional risk and level of …
-
Ten Steps to Secure Your Copier or Multi-Function Device (MFD)
-
June 3, 2010
These resources have been gathered to specifically address concerns related to the security of sensitive information that may be stored on the hard drives of copiers, printers, or multi-function …
-
Foundations for Effective Security Risk and Program Assessment
-
April 13, 2010
|
A session at the Security 2010
How does an institution assess the risks and effectiveness of something as multifaceted and complex as its risk management and information security programs? An assessment methodology must be valid…
-
Taking Risk Assessment from Project to Process: A Novel Approach
-
April 13, 2010
|
A session at the Security 2010
Although risk assessment is essential to properly set security strategy for effective protection of sensitive information assets, this type of project can be resource intensive and budget unfriendl…
-
Compliance Matrix Poster for IT & Compliance Professionals
-
March 17, 2010
This matrix poster developed by Symantec outlines IT Controls for security and privacy concerns related to regulatory compliance in the workplace. Topics addressed in this poster include: Regu…
-
Finding Confidential Information on Compromised Computers
-
April 21, 2009
|
A session at the Security 2009
This presentation will cover the basic approach to examining a computer that has been compromised or infected in order to determine if there is confidential information on the computer, the infecti…
-
Unearthing Sensitive Data--Scaled to Your Institution
-
March 10, 2010
|
A session at the NERCOMP Annual Conference 2010
From small colleges to large universities, all institutions are swimming in an alphabet soup of regulations regarding information privacy and prevention of identity theft: 201 CMR 17, FERPA, HIPAA,…
-
The Journey to a Successful Risk Assessment: One Strategy Unveiled
-
February 19, 2010
|
A session at the EDUCAUSE Southwest Regional Conference 2010
A sound risk assessment process is one of the building blocks of a maturing information security program. Join the IT Security Team from Texas State University as they reveal the process and proced…
-
ISAAC (Information Security Awareness, Assessment, and Compliance): A Success Story
-
February 24, 2010
Risk assessment and mitigation are challenging in any environment, but especially in the open and decentralized world of higher education. Texas A&M University developed the ISAAC methodology…
-
Building and Assessing an Information Security Program
-
February 18, 2010
|
A session at the EDUCAUSE Southwest Regional Conference 2010
Given continually increasing threats, constant additions to government regulations, and rising costs, every institution must address information security. An effective information security program …
