Educause Security Discussion mailing list archives
Re: IT Security Risk Assessment
From: "Penn, Blake C" <blake.penn () SECURITY GATECH EDU>
Date: Wed, 12 Sep 2018 14:25:50 +0000
Another good free framework is OCTAVE Allegro – and it comes with templates and worksheets that can help save you time:

https://resources.sei.cmu.edu/asset_files/TechnicalReport/2007_005_001_14885.pdf

I’ve always modified their high-medium-low scoring to 0-10 values, though, as I like more precise quantitative risk scoring.

Blake Penn
Information Security Policy and Compliance Manager
Cyber Security
Georgia Institute of Technology
(404) 385-5480
blake.penn () security gatech edu

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Larry K. Emmons
Sent: Wednesday, 12 September, 2018 10:05
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] IT Security Risk Assessment

Our auditors recommended / suggested / accept our use of the HEISC framework on a yearly basis for the internal finance audit.

Thanks,

Larry Emmons
Director of Technology and Support Services
Saginaw Valley State University

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Swick, Forrest
Sent: Wednesday, September 12, 2018 10:02 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] IT Security Risk Assessment

Ron,

Take a look at the Educause HEISC Risk Management Framework available at: https://library.educause.edu/resources/2015/4/risk-management-framework

☺

--Forrest

Forrest H. Swick, CISSP
Senior Security Engineer
Office of Information Security
Information Management & Technology
University of Northern Colorado
Carter Hall 3008B
501 20th Street
Campus Box 19
Greeley, CO 80639
O: 970-351-1379
C: 970-397-1343
F: 970-351-1650
unco.edu

From: The EDUCAUSE Security Constituent Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Ronald Loneker
Sent: Wednesday, September 12, 2018 7:59 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] IT Security Risk Assessment

Good Morning -

We are looking at an audit finding recommending an IT security risk assessment. I've seen a discussion in the past here about companies doing risk assessments, but does anyone have a good template they've used in-house to do an assessment of their own to start?

Any suggestions on this would be appreciated. Please no vendor solicitations about this subject.

Thank you.

Ron Loneker, Jr.
Director, IT Special Projects
College of Saint Elizabeth
Henderson Hall, Room 202C
2 Convent Road
Morristown, NJ 07960
Phone: 973-290-4229
e-mail: rloneker () cse edu
Current thread:
- IT Security Risk Assessment Ronald Loneker (Sep 12)
- Re: IT Security Risk Assessment Swick, Forrest (Sep 12)
- Re: IT Security Risk Assessment Larry K. Emmons (Sep 12)
- Re: IT Security Risk Assessment Penn, Blake C (Sep 12)
- Re: IT Security Risk Assessment Larry K. Emmons (Sep 12)
- Re: IT Security Risk Assessment Swick, Forrest (Sep 12)