Re: Anyone else doing information security annual reports?

[Brad Judy <Brad.Judy () COLORADO EDU>]

As part of our plans for campus risk assessment services, we expect to
have a campus-level risk assessment at least annually that builds upon
the risks observed at the department level assessments and notes trends
and areas where a campus-wide effort/service might be appropriate.
Unfortunately, since this risk management framework is just being
spun-up, I don't have any sample campus-level reports.  
 
Brad Judy
 
Information Technology Services
University of Colorado at Boulder


  _____  

From: James H Moore [mailto:jhmfa () RIT EDU] 
Sent: Monday, June 19, 2006 12:53 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Anyone else doing information security annual
reports?



I am looking for information about how context is presented.  Usually I
pull from "Year in review"  types of reports from vendors and other
sources (I usually save them in Jan-March, but this year I got busy and
forgot).  I am still in the process of educating some individuals in
management, that we have an active adversary, not just competitors.  I
don't want to cross over into Fear, Uncertainty, and Doubt, but I also
want to caution against putting rose colored glasses on.

 

Any wisdom and/or examples to share would be great.

 

Jim

 

- - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
Office: 585-475-5406
Lab: 585-475-4122
Fax: 585-475-7950

"Distrust and caution are the parents of security."  -- Benjamin
Franklin

"We will bankrupt ourselves in the vain search for absolute security."
-- Dwight D. Eisenhower