Educause Security Discussion mailing list archives
Re: Risk Management primer
From: Valerie Vogel <vvogel () EDUCAUSE EDU>
Date: Tue, 30 Jul 2019 15:41:37 +0000
Michael, Our Information Security Guide includes a chapter on Risk Management, providing a high level overview: https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-program/resources/information-security-guide/risk-management It references NIST SP 800-37<https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final> and ISO/IEC 27005:2018<https://www.iso.org/standard/75281.html?browse=tc> (along with other relevant frameworks and standards at the bottom of the page). Thank you, Valerie Valerie Vogel Senior Manager, Cybersecurity Program EDUCAUSE Uncommon Thinking for the Common Good direct: 202.331.5374 | Follow HEISC on LinkedIn<https://www.linkedin.com/showcase/higher-education-information-security-council-heisc-/> | twitter: @HEISCouncil | vvogel () educause edu<mailto:vvogel () educause edu> From: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Colin Glover <colin.glover () SERA-BRYNN COM> Reply-To: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU> Date: Tuesday, July 30, 2019 at 8:28 AM To: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] Risk Management primer Hi, Because they are out and available I point folks towards the NIST Publications, specifically 800-30, Risk Management Guide for Information Technology Systems and 800-30 rev 1, Guide for Conducting Risk Assessments. Thanks Colin From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Menne, Michael S Sent: Tuesday, July 30, 2019 11:14 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Risk Management primer Hello all, Does anyone have any resources for an Information Security Risk Management primer? I’m not looking for anything complex or an official training course at this point. I’m looking for something simple and basic that I can train the rest of our IT staff on. Thanks Michael Menne, CISSP Chief Information Security Officer IT Solutions Information Security Minnesota State University, Mankato Phone: (507) 389-5705 www.mnsu.edu/its/security<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.mnsu.edu%2Fits%2Fsecurity&data=02%7C01%7C%7C54d586e142f5484111d308d715028b40%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C1%7C637000972997779599&sdata=QuZViL1BzClek2QOqae3WfvDKenTf%2FpJbr9pmIhZfF8%3D&reserved=0> [signature_2008603909] Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. CONFIDENTIALTY NOTICE: This email and any attachment(s) contain confidential, privileged and/or proprietary information of Sera-Brynn, LLC. Do not copy or distribute without prior written consent. If you are not a named recipient to the message, please notify the sender immediately and do not retain the message in any form, printed or electronic.
Current thread:
- Risk Management primer Menne, Michael S (Jul 30)
- Re: Risk Management primer Beth Albertson (Jul 30)
- Re: Risk Management primer Colin Glover (Jul 30)
- Re: Risk Management primer Ray Phillips (Jul 30)
- <Possible follow-ups>
- Re: Risk Management primer Valerie Vogel (Jul 30)