Educause Security Discussion mailing list archives
IT Risk Registry
From: "Barton, Robert W." <bartonrt () LEWISU EDU>
Date: Wed, 11 Dec 2019 15:28:36 +0000
Morning, With the risk registries you keep for your University/College, do you have an all-encompassing registry (no matter the level of risk, it is on there) or do you have a minimum level of risk for an item to be on the registry (maybe cost $5000/incident or require 10/personnel hours to fix)? Do you maybe keep two registries; private to 'IT' (maybe the all-encompassing) and then one for leadership ('minimum risk level met' and simplified)? Do you do a quantitative and/or qualitative registry? If quantitative, what method do you use (I've seen a few methods, but nothing that didn't seem like 'art')? Robert W. Barton Executive Director of Information Security and Policy Lewis University One University Parkway Romeoville, IL 60446-2200 815-836-5663 This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone at (815)-836-5950 and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you. ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- IT Risk Registry Barton, Robert W. (Dec 11)