Educause Security Discussion mailing list archives
Risk Tolerance
From: David Eilken <david.eilken () DOMAIL MARICOPA EDU>
Date: Tue, 6 Aug 2019 11:26:08 -0700
All, I'm looking to better understand an appropriate level of risk tolerance for educational institutions; in particular for a large sprawling college that does not do much research (lots of PII, little IP). I thought it be good to ask two simple questions. First, what do you feel is your org's risk tolerance on a scale of 1-10. Ten being that you have information security concerns but don't allocate specific budget for it and are comfortable accepting high levels of cyber risk. Second, although the Educause Security Almanac states an average of 3.6% of IT budget is allocated to IS, it would be interesting to know if you feel that you have the resources to obtain/maintain a reasonable level of PPT (People, Processes, and Technology) for IS that appropriately balances the costs of reducing cyber risks. As always thanks, Dave ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- Risk Tolerance David Eilken (Aug 06)
- Re: Risk Tolerance Stefan Wahe (Aug 08)