Educause Security Discussion mailing list archives
Re: EDUCAUSE IT Risk Register Recently Revised
From: Brian Basgen <brian_basgen () EMERSON EDU>
Date: Wed, 14 Sep 2016 13:58:30 +0000
Thank you very much to everyone on the GRC group for creating such an outstanding and helpful document. We have just started using this, and have already found a great deal of value. The careful thought and attention in this document is evident throughout. Thank you for creating such a great resource! One small side note: if this hasn’t been cross posted to the CIO list, I think doing so would be worthwhile. -------------- Brian Basgen Associate Vice President for Information Technology Emerson College 617-824-8186 | it.emerson.edu | @EmersonIT From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Valerie Vogel <vvogel () EDUCAUSE EDU> Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> Date: Tuesday, September 13, 2016 at 11:41 AM To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] EDUCAUSE IT Risk Register Recently Revised Greetings, The IT Risk Register created by the EDUCAUSE IT Governance, Risk, and Compliance program has been recently revised and republished. The newest addition to the risk register is a qualitative risk assessment template for assessing the risks listed in the register. The risks listed can be assessed according to three measures: * Likelihood: How likely it is for the risk to be realized? * Impact: What is the impact to the institution if the risk is realized? * Velocity: What is the speed with which the institution will feel the impact if the risk is realized (also considered an impact time horizon)? The product of these three measures can be used to help institutions prioritize their risk response activities. Higher scores correlate to a risk that may be more important for an institution to address. The risk assessment template also uses color (red = high; yellow = medium; green = low) to indicate higher scores for ease of viewing. You can find the latest IT Risk Register here: https://library.educause.edu/resources/2015/10/it-risk-register Brought to You by the EDUCAUSE IT Governance, Risk, and Compliance Program The risk register and the member advisory council that created it are part of the EDUCAUSE IT Governance, Risk, and Compliance program. The program provides resources that help IT professionals define and implement IT GRC activities on their campuses. Learn more and view additional resources at www.educause.edu/it-grc<http://www.educause.edu/it-grc> Please feel free to share this note with others as needed. Thank you, Valerie Valerie Vogel Program Manager, Cybersecurity EDUCAUSE Uncommon Thinking for the Common Good direct: 202.331.5374 | main: 202.872.4200 | twitter: @HEISCouncil | educause.edu<http://www.educause.edu/>
Current thread:
- EDUCAUSE IT Risk Register Recently Revised Valerie Vogel (Sep 13)
- <Possible follow-ups>
- Re: EDUCAUSE IT Risk Register Recently Revised Brian Basgen (Sep 14)