-
Research
and Publications
Current Issue
May/June 2013
EDUCAUSE ReviewPublications
-
Conferences
and Events
Annual Conference
October 15–18, 2013
Register now!Events for all Levels and Interests
Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.
-
Career
Development
EDUCAUSE Institute
Leadership/Management Programs
Explore MoreCareer Center
Leadership and Management Programs
EDUCAUSE Institute
Advanced Programs
Project Management
Jump Start Your Career Growth
Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.
-
Focus Areas
and InitiativesLatest Topics
EDUCAUSE organizes its efforts around three IT Focus Areas
Join These Programs If Your Focus Is
-
Connect
and ContributeFind Others
Get on the Higher Ed IT Map
Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
-
About
EDUCAUSE
Filter by type
- Podcasts (6)
- Blogs (6)
- Articles, Briefs, Papers, and Reports (47)
- Blogs and Wikis (2)
- Certification, Education, Training and Tutorials (3)
- Effective Practices (7)
- Government Documents, Laws, Testimonies or Reports (2)
- Plans and Guidelines (7)
- Policies and Procedures (1)
- Presentations and Seminars (99)
- Programs and Projects (1)
- RFPs (1)
- Surveys (2)
- Tools (8)
- Vendors (1)
Filter by Publications
Filter by Presentations
Filter by Library Taxonomy
- Security Risk Assessment and Analysis [x]
- Cybersecurity (194)
- Security Management (194)
- Information Technology Management and Leadership (81)
- Policy and Law (57)
- Network Security and Applications (48)
- Risk Management (42)
- Data Security (41)
- Campus Policy and Law (37)
- Campus Policies (36)
- Security Planning (34)
- Security Policies (34)
- Security Awareness (30)
- Incident Handling and Response (28)
- Federal Policy and Law (27)
- Identity and Access Management (22)
- Security Implementation (20)
- Cybersecurity Policy (15)
- Network Vulnerability Assessment (14)
- Planning (14)
Resources Developed by the Higher Education Information Security Council (HEISC)
- Information Security Governance
- Information Security Governance Assessment Tool
- Information Security Risk Assessment Consultants List
- Information Security Risk Assessment Sample RFPs
- Risk Assessment Tools
- Risk Management Framework
Risk Analysis and Security Evaluation Tools
- Electronic Risk and Requirements Assessment (E-RA)
- CCTA (Central Computer and Telecommunications Agency) Risk Analysis and Management Method (CRAMM)
- Control Objectives for Information and related Technology (COBIT)
- NIST Recommended Security and Privacy Controls for Federal Information Systems and Organizations (SP 800-53)
- NIST's "An Overview of Issues in Testing Intrusion Detection Systems"
- Operationally Critical Threat, Asset, and Vulnerability EvaluationSM (OCTAVE)
- Security Targeting and Analysis of Risks (STAR)
Updated October 2012
Library Items on this Topic
EDUCAUSE Library Items for Security Risk Assessment and Analysis
-
Building a Risk-Based Information Security Program
-
May 5, 2008
|
A session at the Security 2008
In 2005, the University of Notre Dame suffered a serious incident that brought information security into the campus spotlight. In response, we partnered with a Big Four consulting firm to conduct a…
-
PKI and LOA: It's Probably Not What You Think
-
April 17, 2008
A level of assurance (LoA) refers to the degree of certainty that (1) a resource owner can assume a specific known physical person is associated with credentials issued by a registration authority,…
-
IT Security Officer Survey
-
April 9, 2008
This April 2008 survey is a critical component of the EDUCAUSE Center on Applied Research (ECAR) study of information security officers in higher education. It seeks to understand the important c…
-
Managing IT Risk in Higher Education: A Methodology
-
March 18, 2008
This research bulletin presents a methodology, used successfully at the University of Technology, Sydney (UTS) in Australia, for managing and assessing risks related to information technology sys…
-
Information Risk Management Policy Template
-
March 17, 2008
The purpose of this policy template is to ensure that risks to University information are identified, analyzed, and managed so that they are maintained at acceptable levels. Risks to the confiden…
-
Information Security Risk Assessment Consultants List
-
March 14, 2008
The Risk Assessment Consultants List is intended as an aid to schools seeking a place to start looking for risk assessment vendors. It provides links to referencing institutions which may be able…
-
Risk Assessment Tools List
-
March 14, 2008
This list of Risk Assessment tools has been developed to assist campuses in the risk assessment planning process. The tools are a mix of some sold or licensed by vendors, some provided by colleag…
-
Appropriate Access: Levels of Assurance
-
February 14, 2008
A level of assurance (LoA) refers to the degree of certainty that (1) a resource owner has that a person's physical self has been adequately verified before credentials are issued by a registr…
-
Lassoing the Beast: How a Large, Diverse University Is Wrapping Its Arms Around Confidential Data
-
October 26, 2007
|
A session at the EDUCAUSE 2007 Annual Conference
Penn designed the security and privacy impact assessment (SPIA) process and tool to raise awareness about where confidential data reside and to assess risks in seven major threat areas, which can b…
-
GSU's Roadmap for a World-Class Information Security Management System: ISO 27001:2005
-
October 24, 2007
|
A session at the EDUCAUSE 2007 Annual Conference
Georgia State University is one of the first universities to embrace the ISO 27001:2005 standard for establishing an information security management system (ISMS). A systematic and disciplined appr…
