Resources Developed by the Higher Education Information Security Council (HEISC)
- Information Security Governance
- Information Security Governance Assessment Tool
- Information Security Risk Assessment Consultants List
- Information Security Risk Assessment Sample RFPs
- Risk Assessment Tools
- Risk Management Framework
Risk Analysis and Security Evaluation Tools
- Electronic Risk and Requirements Assessment (E-RA)
- CCTA (Central Computer and Telecommunications Agency) Risk Analysis and Management Method (CRAMM)
- Control Objectives for Information and related Technology (COBIT)
- NIST Recommended Security and Privacy Controls for Federal Information Systems and Organizations (SP 800-53)
- NIST's "An Overview of Issues in Testing Intrusion Detection Systems"
- Operationally Critical Threat, Asset, and Vulnerability Evaluation℠ (OCTAVE)
- Security Targeting and Analysis of Risks (STAR)
Updated October 2012
Library Items on this Topic
EDUCAUSE Library Items for Security Risk Assessment and Analysis
- Stop, Drop, and Roll: Prevent and Douse Cyber Incidents
  October 24, 2007 | A session at the EDUCAUSE 2007 Annual Conference
  Presenting two best-practice models for cyber incidents: To prevent cyber incidents, learn how to use an uncomplicated cyber risk assessment to help you focus your institution's limited resour…
- Incident Management Capability Metrics
  September 19, 2007
  The CERT CSIRT Development Team has introduced a method to evaluate and improve an organization's capability for managing computer security incidents. This method uses a set of incident mana…
- Why File Sharing Networks Are Dangerous
  September 10, 2007
  In this paper the authors analyze P2P security issues, establishing vulnerabilities that software clients represent. The authors go on to present experimental evidence of the risk through honeyp…
- Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI - Book Review
  August 29, 2007
  Complete Guide to Security and Privacy Metrics: Measuring Regulatory Compliance, Operational Resilience, and ROI. Debra S. Herrmann. Auerbach Publications, 2007. $119.95 (hardcover), 824 pp…
- Committee Holds Hearing on Inadvertent File Sharing over Peer-to-Peer Networks
  July 24, 2007
  On Tuesday, July 24, 2007, the Committee held a hearing to examine recent developments regarding inadvertent file sharing over peer-to-peer (P2P) networks, the impact of such sharing on consumers…
- Security Task Force Strategic Plan 2006-2007: Making Progress on Data Protection, Risk Assessment, Incident Response and Business Continuity
  June 20, 2007
  This 2006-2007 strategic plan is intended to identify a few key priorities for the next year that will guide and direct the activities of the EDUCAUSE/Internet2 Security Task Force. …
- Developing a Risk-Based Information Security Program
  June 13, 2007 | A session at the EDUCAUSE Southeast Regional Conference 2007
  This session will discuss the importance of developing a comprehensive risk-management-based information security program. The focus will be on the benefits of using ISO standards 17799, 27001, and…
- IT Security Risk Assessment
  June 11, 2007
  This standard defines a methodology and an assessment process for quantifying security risks in the IT environment. …
- Confidential Data Handling Blueprint
  June 11, 2007
  The Confidential Data Handling Toolkit provides a consolidation of resources that are anchored to the overarching themes related to information protection secure data handling. …
- Lessons Learned from RIT’s First Security Posture Assessment
  January 1, 2004
  Rochester Institute of Technology (RIT) is the 11th largest private university in the United States with approximately 22,500 hosts on our network. We have one of the largest computer science and…
















