Information Security Governance Assessment Tool for Higher Education

[Rodney Petersen <rpetersen () EDUCAUSE EDU>]

I am pleased to announce the release of a new  information security
self-assessment tool developed by the risk assessment working group of
the EDUCAUSE/Internet2 Computer & Network Security Task Force.  The
Information Security Governance Assessment Tool for Higher Education
(http://www.educause.edu/ir/library/pdf/SEC0421.pdf) is designed to help
colleges and universities determine the degree to which they have
implemented an Information Security Governance framework at the
strategic level within their institution. 

The tool is not intended to provide a complete and detailed list of
information security policies or practices that must be followed, nor is
it intended to be a substitute for conducting a thorough risk
assessment.  . Rather, it is intended to help a president or
institutional leadership identify general areas of concern as they
relate to your Information Security Governance framework.  If a
particular question can't be answered affirmatively, then that question
indicates an area the institution needs to examine to determine what
risks may be associated with it and how the institution will address
those risks.

This tool has been adapted from a similar effort within the corporate
community and implements the recommendations of the Corporate Governance
Task Force (www.cyberpartnership.org) in a report issued this past
Spring.  Members of the Security Task Force participated in the process
by examining the appropriateness of the Information Security Governance
framework for educational institutions and non-profit organizations.  We
believe that the framework if adapted to fit our mission and culture is
a useful way to improve information security.  The first section of this
tool will help an institution assess its reliance on information
technology. The remaining sections are intended to help institutions
determine the maturity of information security governance at a strategic
level through sections that assess areas such as processes, people, and
technology. The overall rating (good, needs improvement, poor) will
depend on the raw score and an institution's reliance on information
technology.

We believe that you will find this tool to be a useful way to assess the
status of your information security program and will be a way to engage
your executive leadership at a strategic level.  We welcome your
feedback to the document (send comments to
Security-Task-Force () educause edu) and look forward to hearing from
institutions that implement the assessment tool.

Please let me know if you have any further questions.

-Rodney
-------------------------------------------------- 
Rodney J. Petersen
Policy Analyst & Security Task Force Coordinator

EDUCAUSE 
1150 18th Street, N.W., Suite 1010
Washington, D.C.  20036
(202) 331-5368 / (202) 872-4200 
(202) 872-4318 (FAX) 
EDUCAUSE/Internet2 Security Task Force
www.educause.edu/security <http://www.educause.edu>  
-------------------------------------------------- 


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.