Educause Security Discussion mailing list archives
Re: Anyone else doing information security annual reports?
From: Brad Judy <Brad.Judy () COLORADO EDU>
Date: Mon, 19 Jun 2006 13:21:51 -0600
As part of our plans for campus risk assessment services, we expect to have a campus-level risk assessment at least annually that builds upon the risks observed at the department level assessments and notes trends and areas where a campus-wide effort/service might be appropriate. Unfortunately, since this risk management framework is just being spun-up, I don't have any sample campus-level reports. Brad Judy Information Technology Services University of Colorado at Boulder _____ From: James H Moore [mailto:jhmfa () RIT EDU] Sent: Monday, June 19, 2006 12:53 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Anyone else doing information security annual reports? I am looking for information about how context is presented. Usually I pull from "Year in review" types of reports from vendors and other sources (I usually save them in Jan-March, but this year I got busy and forgot). I am still in the process of educating some individuals in management, that we have an active adversary, not just competitors. I don't want to cross over into Fear, Uncertainty, and Doubt, but I also want to caution against putting rose colored glasses on. Any wisdom and/or examples to share would be great. Jim - - - Jim Moore, CISSP, IAM Information Security Officer Rochester Institute of Technology 13 Lomb Memorial Drive Rochester, NY 14623-5603 Office: 585-475-5406 Lab: 585-475-4122 Fax: 585-475-7950 "Distrust and caution are the parents of security." -- Benjamin Franklin "We will bankrupt ourselves in the vain search for absolute security." -- Dwight D. Eisenhower
Current thread:
- Anyone else doing information security annual reports? James H Moore (Jun 19)
- <Possible follow-ups>
- Re: Anyone else doing information security annual reports? Steve Lovaas (Jun 19)
- Re: Anyone else doing information security annual reports? Brad Judy (Jun 19)
- Re: Anyone else doing information security annual reports? Brendan Callahan (Jun 19)