-
Research
and Publications
Current Issue
March/April 2013
EDUCAUSE ReviewPublications
-
Conferences
and Events
Annual Conference
October 15–18, 2013
Save the date!Events for all Levels and Interests
Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.
-
Career
Development
EDUCAUSE Institute
Leadership/Management Programs
Explore MoreCareer Center
Leadership and Management Programs
EDUCAUSE Institute
Advanced Programs
Project Management
Jump Start Your Career Growth
Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.
-
Focus Areas
and InitiativesLatest Topics
EDUCAUSE organizes its efforts around three IT Focus Areas
Join These Programs If Your Focus Is
-
Connect
and ContributeFind Others
Get on the Higher Ed IT Map
Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
-
About
EDUCAUSE
Filter by type
- Podcasts (6)
- Blogs (5)
- Articles, Briefs, Papers, and Reports (46)
- Blogs and Wikis (2)
- Certification, Education, Training and Tutorials (3)
- Effective Practices (7)
- Government Documents, Laws, Testimonies or Reports (2)
- Plans and Guidelines (7)
- Policies and Procedures (1)
- Presentations and Seminars (95)
- Programs and Projects (1)
- RFPs (1)
- Surveys (2)
- Tools (8)
- Vendors (1)
Filter by Publications
Filter by Presentations
Filter by Library Taxonomy
- Security Risk Assessment and Analysis [x]
- Cybersecurity (188)
- Security Management (188)
- Information Technology Management and Leadership (76)
- Policy and Law (57)
- Network Security and Applications (47)
- Risk Management (40)
- Data Security (38)
- Campus Policy and Law (37)
- Campus Policies (36)
- Security Planning (34)
- Security Policies (34)
- Security Awareness (30)
- Incident Handling and Response (28)
- Federal Policy and Law (27)
- Identity and Access Management (22)
- Security Implementation (20)
- Cybersecurity Policy (15)
- Network Vulnerability Assessment (14)
- Planning (13)
Resources Developed by the Higher Education Information Security Council (HEISC)
- Information Security Governance
- Information Security Governance Assessment Tool
- Information Security Risk Assessment Consultants List
- Information Security Risk Assessment Sample RFPs
- Risk Assessment Tools
- Risk Management Framework
Risk Analysis and Security Evaluation Tools
- Electronic Risk and Requirements Assessment (E-RA)
- CCTA (Central Computer and Telecommunications Agency) Risk Analysis and Management Method (CRAMM)
- Control Objectives for Information and related Technology (COBIT)
- NIST Recommended Security and Privacy Controls for Federal Information Systems and Organizations (SP 800-53)
- NIST's "An Overview of Issues in Testing Intrusion Detection Systems"
- Operationally Critical Threat, Asset, and Vulnerability EvaluationSM (OCTAVE)
- Security Targeting and Analysis of Risks (STAR)
Updated October 2012
Library Items on this Topic
EDUCAUSE Library Items for Security Risk Assessment and Analysis
-
The Cost of Preventing Breaches
-
November 4, 2009
|
A session at the EDUCAUSE 2009 Annual Conference
We all know only too well that there are significant costs associated with both experiencing and preventing data breaches, and we are continually challenged with finding the right mix of people, pr…
-
The Career of the IT Security Officer in Higher Education
-
July 1, 2009
This ECAR occasional paper reports the result of a study designed to understand and document the attributes and responsibilities of the relatively new role of information security officer in high…
-
Leveraging Resources in Building Your Information Security Program
-
April 22, 2009
|
A session at the Security 2009
This talk addresses key information security building blocks and how to leverage campus and other resources in developing and supporting these programs. Physical security, risk assessment and audit…
-
Improving Security Event Correlation and Analysis Using Intelligent Agents
-
April 22, 2009
|
A session at the Security 2009
Attacks on computer resources are security events that are more complex and difficult to quickly and effectively collect, analyze, and respond to. This presentation will explain how the use of inte…
-
Novel Approaches to Developing Governance, Risk, and Compliance Programs
-
April 22, 2009
|
A session at the Security 2009
Legislative requirements are accumulating as rapidly as sophisticated threats to institutional data. How does an institution develop a strategic response that incorporates all necessary requireme…
-
REN-ISAC and CSI2—The Security Event System
-
April 22, 2009
|
A session at the Security 2009
The REN-ISAC in partnership with the Internet2 SALSA CSI2 Working Group has identified clear benefit in the sharing and correlation of security event data among institutions and organizations parti…
-
An Auditor's Perspective on Frameworks for Information Systems Security in Higher Education
-
April 21, 2009
|
A session at the Security 2009
How do security professionals work with business owners and data stewards to create an effective framework for information and information system security that is practical, predictive, and flexibl…
-
Conducting Internal PCI DSS Assessments
-
April 21, 2009
|
A session at the Security 2009
Like many higher education institutions, Penn State has come to rely on the ease of use of credit cards as an acceptable form of payment for tuition, products, services, and donations. From a finan…
-
A Tour of the Security Task Force's IT Risk Management Framework
-
April 21, 2009
|
A session at the Security 2009
No one can be oblivious to the data privacy and security risks that our institutions face these days. The real question is, what can we do about it? Most security experts agree that a fundamental s…
-
Information Security from the Ground Up
-
March 23, 2009
|
A session at the EDUCAUSE Midwest Regional Conference 2009
In 2005 the University of Notre Dame suffered a serious incident that brought information security into the campus spotlight. In response, we partnered with a Big Four consulting firm to conduct a …
