Educause Security Discussion mailing list archives

Re: EDUCAUSE IT Risk Register Recently Revised

From: Brian Basgen <brian_basgen () EMERSON EDU>
Date: Wed, 14 Sep 2016 13:58:30 +0000


Thank you very much to everyone on the GRC group for creating such an outstanding and helpful document. We have just 
started using this, and have already found a great deal of value. The careful thought and attention in this document is 
evident throughout. Thank you for creating such a great resource!

One small side note: if this hasn’t been cross posted to the CIO list, I think doing so would be worthwhile.

--------------
Brian Basgen
Associate Vice President for Information Technology
Emerson College
617-824-8186 | it.emerson.edu | @EmersonIT

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Valerie Vogel 
<vvogel () EDUCAUSE EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Tuesday, September 13, 2016 at 11:41 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] EDUCAUSE IT Risk Register Recently Revised

Greetings,

The IT Risk Register created by the EDUCAUSE IT Governance, Risk, and Compliance program has been recently revised and 
republished. The newest addition to the risk register is a qualitative risk assessment template for assessing the risks 
listed in the register. The risks listed can be assessed according to three measures:

  *   Likelihood:  How likely it is for the risk to be realized?
  *   Impact: What is the impact to the institution if the risk is realized?
  *   Velocity:  What is the speed with which the institution will feel the impact if the risk is realized (also 
considered an impact time horizon)?
The product of these three measures can be used to help institutions prioritize their risk response activities. Higher 
scores correlate to a risk that may be more important for an institution to address. The risk assessment template also 
uses color (red = high; yellow = medium; green = low) to indicate higher scores for ease of viewing.

You can find the latest IT Risk Register here: https://library.educause.edu/resources/2015/10/it-risk-register

Brought to You by the EDUCAUSE IT Governance, Risk, and Compliance Program
The risk register and the member advisory council that created it are part of the EDUCAUSE IT Governance, Risk, and 
Compliance program. The program provides resources that help IT professionals define and implement IT GRC activities on 
their campuses. Learn more and view additional resources at www.educause.edu/it-grc<http://www.educause.edu/it-grc>

Please feel free to share this note with others as needed.

Thank you,
Valerie

Valerie Vogel Program Manager, Cybersecurity

EDUCAUSE
Uncommon Thinking for the Common Good
direct: 202.331.5374 | main: 202.872.4200 | twitter: @HEISCouncil | educause.edu<http://www.educause.edu/>

Current thread:

EDUCAUSE IT Risk Register Recently Revised Valerie Vogel (Sep 13)
- <Possible follow-ups>
- Re: EDUCAUSE IT Risk Register Recently Revised Brian Basgen (Sep 14)