Educause Security Discussion mailing list archives

Re: Risk Management primer


From: Valerie Vogel <vvogel () EDUCAUSE EDU>
Date: Tue, 30 Jul 2019 15:41:37 +0000

Michael,

Our Information Security Guide includes a chapter on Risk Management, providing a high-level overview:
https://www.educause.edu/focus-areas-and-initiatives/policy-and-security/cybersecurity-program/resources/information-security-guide/risk-management

It references NIST SP 800-37<https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final> and
ISO/IEC 27005:2018<https://www.iso.org/standard/75281.html?browse=tc> (along with other relevant frameworks and
standards at the bottom of the page).

Thank you,
Valerie

Valerie Vogel
Senior Manager, Cybersecurity Program

EDUCAUSE
Uncommon Thinking for the Common Good
direct: 202.331.5374 | Follow HEISC on LinkedIn<https://www.linkedin.com/showcase/higher-education-information-security-council-heisc-/> |
twitter: @HEISCouncil | vvogel () educause edu<mailto:vvogel () educause edu>

From: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Colin Glover <colin.glover () SERA-BRYNN COM>
Reply-To: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU>
Date: Tuesday, July 30, 2019 at 8:28 AM
To: Security Discussion Group List <SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Risk Management primer

Hi,

Because they are out and available, I point folks towards the NIST Publications, specifically 800-30, Risk Management
Guide for Information Technology Systems and 800-30 rev 1, Guide for Conducting Risk Assessments.

Thanks
Colin


From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Menne, Michael S
Sent: Tuesday, July 30, 2019 11:14 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Risk Management primer

Hello all,
Does anyone have any resources for an Information Security Risk Management primer?  I’m not looking for anything 
complex or an official training course at this point. I’m looking for something simple and basic that I can train the 
rest of our IT staff on.

Thanks

Michael Menne, CISSP
Chief Information Security Officer
IT Solutions Information Security
Minnesota State University, Mankato
Phone:  (507) 389-5705
www.mnsu.edu/its/security


