Educause Security Discussion mailing list archives
Updated Risk Assessment resources available
From: Ced Bennett <ced.bennett () STANFORD EDU>
Date: Mon, 3 Mar 2008 12:24:55 -0800
Colleagues, The Risk Assessment Working Group wishes to inform higher education information security practioners of a few recent resource updates which are now available from the Risk Management section of the IT Security Guide. Each of these resources can be reached by navigating to the Risk Management section of the IT Security Guide and looking in the Resources Developed by the Security Task Force section of that page; direct URLs are provided within this note for convenience. * Information Security Risk Assessment Consultants - This is a new section which provides a list of vendors known to have conducted some form of IS risk assessment for at least one higher education institution. The only way a vendor can get onto this list is to be placed there by some EDUCAUSE member institution which has engaged the consultant. Each entry on this list provides a link to the institution which has provided the vendor reference. The list can be a starting place for schools which are seeking a consultant; referencing institutions may be willing to provide additional information about the vendor and the consulting engagement when asked. The list can be reached via this URL - <https://wiki.internet2.edu/confluence/display/secguide/Information+Security +Risk+Assessment+Consultants> https://wiki.internet2.edu/confluence/display/secguide/Information+Security+ Risk+Assessment+Consultants The value of this list increases as the number of referenced vendors and referencing institutions increase. If your institution has engaged an information security consultant for some sort of security or risk assessment activity in the past few years, please take a couple of minutes to provide reference information to this list (instructions for easily adding additional references are included as a part of this new section). * Risk Assessment Tools - This is a new section which provides links to various tools which can aid with a risk assessment. The tools are a mix of some sold or licensed by vendors, some provided by colleague institutions, and some from associations or standards groups. It can be reached via this URL - <https://wiki.internet2.edu/confluence/display/secguide/Risk+Assessment+Tool s> https://wiki.internet2.edu/confluence/display/secguide/Risk+Assessment+Tools As with the List of Consultants, the working group would appreciate any references to other such tools to include on this list. * Information Security Governance (ISG) Self Assessment Tool for Higher Education - This existing PDF version of the tool has been enhanced by the addition of a Microsoft Excel version which (1) separates each section onto a individual worksheets for increased flexibility of analysis and entry and (2) provides for automatic summarization on the separate scoring-worksheet. Both versions of this tool can be reached via this URL - http://connect.educause.edu/Library/Abstract/InformationSecurityGovern/43206 We hope you find this information useful -- and are able to provide additional entry data for either of the two new sections. Thank you, Ced Bennett and Kathy Bergsma Co-chairs of the Risk Assessment Working Group
Current thread:
- Updated Risk Assessment resources available Ced Bennett (Mar 03)