-
Research
and Publications
Current Issue
March/April 2013
EDUCAUSE ReviewPublications
-
Conferences
and Events
Annual Conference
October 15–18, 2013
Save the date!Events for all Levels and Interests
Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.
-
Career
Development
EDUCAUSE Institute
Leadership/Management Programs
Explore MoreCareer Center
Leadership and Management Programs
EDUCAUSE Institute
Advanced Programs
Project Management
Jump Start Your Career Growth
Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.
-
Focus Areas
and InitiativesLatest Topics
EDUCAUSE organizes its efforts around three IT Focus Areas
Join These Programs If Your Focus Is
-
Connect
and ContributeFind Others
Get on the Higher Ed IT Map
Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
-
About
EDUCAUSE
Filter by type
- Podcasts (6)
- Blogs (5)
- Articles, Briefs, Papers, and Reports (46)
- Blogs and Wikis (2)
- Certification, Education, Training and Tutorials (3)
- Effective Practices (7)
- Government Documents, Laws, Testimonies or Reports (2)
- Plans and Guidelines (7)
- Policies and Procedures (1)
- Presentations and Seminars (95)
- Programs and Projects (1)
- RFPs (1)
- Surveys (2)
- Tools (8)
- Vendors (1)
Filter by Publications
Filter by Presentations
Filter by Library Taxonomy
- Security Risk Assessment and Analysis [x]
- Cybersecurity (188)
- Security Management (188)
- Information Technology Management and Leadership (76)
- Policy and Law (57)
- Network Security and Applications (47)
- Risk Management (40)
- Data Security (38)
- Campus Policy and Law (37)
- Campus Policies (36)
- Security Planning (34)
- Security Policies (34)
- Security Awareness (30)
- Incident Handling and Response (28)
- Federal Policy and Law (27)
- Identity and Access Management (22)
- Security Implementation (20)
- Cybersecurity Policy (15)
- Network Vulnerability Assessment (14)
- Planning (13)
Resources Developed by the Higher Education Information Security Council (HEISC)
- Information Security Governance
- Information Security Governance Assessment Tool
- Information Security Risk Assessment Consultants List
- Information Security Risk Assessment Sample RFPs
- Risk Assessment Tools
- Risk Management Framework
Risk Analysis and Security Evaluation Tools
- Electronic Risk and Requirements Assessment (E-RA)
- CCTA (Central Computer and Telecommunications Agency) Risk Analysis and Management Method (CRAMM)
- Control Objectives for Information and related Technology (COBIT)
- NIST Recommended Security and Privacy Controls for Federal Information Systems and Organizations (SP 800-53)
- NIST's "An Overview of Issues in Testing Intrusion Detection Systems"
- Operationally Critical Threat, Asset, and Vulnerability EvaluationSM (OCTAVE)
- Security Targeting and Analysis of Risks (STAR)
Updated October 2012
Library Items on this Topic
EDUCAUSE Library Items for Security Risk Assessment and Analysis
-
IT Security Information - IT Risk Management
-
January 11, 2008
The CU-Boulder IT Security Office has developed a risk management framework and risk assessment service to meet campus needs in identifying and mitigating IT related risk. The risk management fra…
-
Cyber-Insurance Advancement Underscores Data Breach Risk Recognition
-
January 15, 2009
While the market for cyber-insurance remains largely nascent, with most private sector organizations still unable to adequately safeguard their financial and operational well-being against a majo…
-
Risk Management and Cyber Insurance
-
October 7, 2007
The Internet has radically changed the way business (work and personal) is carried out. However, vulnerabilities are pervasive resulting in exposure of organizations and firms to a wide array of …
-
Cyber-Insurance Revisited
-
January 5, 2005
Cyber-insurance is considered as appropriate means to absorb financial losses caused by computer security breaches. Since insurance markets at the same time create incentives to construct more se…
-
RFP Template for Information Security Projects
-
November 10, 2009
This Request For Proposal template was created to help organizations identify and select a quality security vendor to perform professional services work. It also lists questions organizations sho…
-
Information Technology Sector Baseline Risk Assessment
-
August 28, 2009
The IT Sector Baseline Risk Assessment evaluates risk to the IT Sector and focuses on critical IT Sector functions. The assessment methodology is not intended to be guidance for individual entiti…
-
Intrusion Detection: Getting to Know Bro
-
September 14, 2009
The open-source Bro network intrusion detection system provides a flexible framework for high-performance traffic inspection. Bro's extensive application-layer analysis provides deep insight i…
-
Risk Assessment Standards Toolkit: Practical Guidance in Implementing Statements on Auditing Standards 104 Through 111
-
May 21, 2009
In March 2008, Cynthia Pierce and Stuart Miller co-presented a NACUBO Webcast titled "Understanding the Risk Assessment Audit Standards," referring to Statements on Auditing Standards 1…
-
Directions in Security Metrics Research
-
August 20, 2009
More than 100 years ago, Lord Kelvin insightfully observed that measurement is vital to deep knowledge and understanding in physical science. During the last few decades, researchers have made va…
-
Using Nontraditional Security Risk Assessments to Clearly Express Risk, Make Persuasive Budget Requests, and Showcase Positive Trends
-
October 30, 2008
|
A session at the EDUCAUSE 2008 Annual Conference
Learn how Weill Cornell Medical College employs a nontraditional risk management methodology to accurately measure risk, build compelling and successful budget requests, and graphically illustrate …
