Educause Security Discussion mailing list archives
Information Security Governance Assessment Tool for Higher Education
From: Rodney Petersen <rpetersen () EDUCAUSE EDU>
Date: Wed, 17 Nov 2004 19:55:51 -0700
I am pleased to announce the release of a new information security self-assessment tool developed by the risk assessment working group of the EDUCAUSE/Internet2 Computer & Network Security Task Force. The Information Security Governance Assessment Tool for Higher Education (http://www.educause.edu/ir/library/pdf/SEC0421.pdf) is designed to help colleges and universities determine the degree to which they have implemented an Information Security Governance framework at the strategic level within their institution. The tool is not intended to provide a complete and detailed list of information security policies or practices that must be followed, nor is it intended to be a substitute for conducting a thorough risk assessment. . Rather, it is intended to help a president or institutional leadership identify general areas of concern as they relate to your Information Security Governance framework. If a particular question can't be answered affirmatively, then that question indicates an area the institution needs to examine to determine what risks may be associated with it and how the institution will address those risks. This tool has been adapted from a similar effort within the corporate community and implements the recommendations of the Corporate Governance Task Force (www.cyberpartnership.org) in a report issued this past Spring. Members of the Security Task Force participated in the process by examining the appropriateness of the Information Security Governance framework for educational institutions and non-profit organizations. We believe that the framework if adapted to fit our mission and culture is a useful way to improve information security. The first section of this tool will help an institution assess its reliance on information technology. The remaining sections are intended to help institutions determine the maturity of information security governance at a strategic level through sections that assess areas such as processes, people, and technology. The overall rating (good, needs improvement, poor) will depend on the raw score and an institution's reliance on information technology. We believe that you will find this tool to be a useful way to assess the status of your information security program and will be a way to engage your executive leadership at a strategic level. We welcome your feedback to the document (send comments to Security-Task-Force () educause edu) and look forward to hearing from institutions that implement the assessment tool. Please let me know if you have any further questions. -Rodney -------------------------------------------------- Rodney J. Petersen Policy Analyst & Security Task Force Coordinator EDUCAUSE 1150 18th Street, N.W., Suite 1010 Washington, D.C. 20036 (202) 331-5368 / (202) 872-4200 (202) 872-4318 (FAX) EDUCAUSE/Internet2 Security Task Force www.educause.edu/security <http://www.educause.edu> -------------------------------------------------- ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Information Security Governance Assessment Tool for Higher Education Rodney Petersen (Nov 17)