Re: Risk Assessment vendor recommendation?

[Jeff Gassaway <base () UNM EDU>]

A few years ago, we used Stroz-Freidberg’s professional services and were very pleased with the outcome and value 
provided.  As Dr. Grisham responded earlier, we use Clifton Larson Allen (CLA) more regularly for assessing our Hybrid 
Covered Entity.  Feel free to reach out to me off-list for details.

Jeff Gassaway, MBA, CISSP, CIPP/E/US, PCIP
Information Security & Privacy Officer
The University of New Mexico

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of David Stack 
<dstack () UWSA EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Wednesday, January 24, 2018 at 3:12 PM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Risk Assessment vendor recommendation?

The University of Wisconsin System is in the midst of a multi-campus engagement with Stroz-Freidberg. We are impressed 
with what has transpired thus far. Please contact me if you have specific questions.

— David

David Stack
Interim Associate VP & CIO
University of Wisconsin System
dstack () uwsa edu

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of "Hassler, Karl 
D." <khassler () UDEL EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Wednesday, January 24, 2018 at 2:19 PM
To: "SECURITY () LISTSERV EDUCAUSE EDU" <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] Risk Assessment vendor recommendation?

I’m looking for recommendations for a consultancy to do a general IT risk assessment/security review.  Any suggestions 
or comments are welcome and why, or why you wouldn’t recommend them.
Thanks!

Karl Hassler, CISSP
Director,  IT Security Policy & Compliance
302-831-3750
302-489-9788