Educause Security Discussion mailing list archives

Re: IT Security Risk Assessment


From: "Penn, Blake C" <blake.penn () SECURITY GATECH EDU>
Date: Wed, 12 Sep 2018 14:25:50 +0000

Another good free framework is OCTAVE Allegro – and it comes with templates and worksheets that can help save you time:

https://resources.sei.cmu.edu/asset_files/TechnicalReport/2007_005_001_14885.pdf

I’ve always modified their high-medium-low scoring to 0-10 values, though, as I like more precise quantitative risk 
scoring.


Blake Penn
Information Security Policy and Compliance Manager
Cyber Security
Georgia Institute of Technology
(404) 385-5480
blake.penn () security gatech edu

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Larry K. Emmons
Sent: Wednesday, 12 September, 2018 10:05
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] IT Security Risk Assessment

Our auditors recommended / suggested / accept our use of the HEISC framework on a yearly basis for the internal finance 
audit.


Thanks,
Larry Emmons
Director of Technology and Support Services
Saginaw Valley State University

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Swick, Forrest
Sent: Wednesday, September 12, 2018 10:02 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] IT Security Risk Assessment

Ron,

Take a look at the Educause HEISC Risk Management Framework available at:
https://library.educause.edu/resources/2015/4/risk-management-framework

☺

--Forrest

Forrest H. Swick, CISSP
Senior Security Engineer
Office of Information Security
Information Management & Technology


University of Northern Colorado
Carter Hall 3008B
501 20th Street
Campus Box 19
Greeley, CO 80639

O: 970-351-1379
C: 970-397-1343
F: 970-351-1650
unco.edu

Once a Bear, Always a Bear!

Help us, help you!
Report all technical issues to the TSC.
Phone: 970-351-4357 or 800-545-2331
Online: help.unco.edu
Email: help () unco edu
Walk-In: University Center Lower Level

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Ronald Loneker
Sent: Wednesday, September 12, 2018 7:59 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] IT Security Risk Assessment

Good Morning -

We are looking at an audit finding recommending an IT security risk assessment.

I've seen a discussion in the past here about companies doing risk assessments, but does anyone have a good template 
they've used in-house to do an assessment of their own to start?

Any suggestions on this would be appreciated.

Please no vendor solicitations about this subject.

Thank you.

Ron Loneker, Jr.
Director, IT Special Projects
College of Saint Elizabeth
Henderson Hall, Room 202C
2 Convent Road
Morristown, NJ  07960

Phone:  973-290-4229

e-mail:  rloneker () cse edu







