Educause Security Discussion mailing list archives

Re: Risk Assessment Tool


From: "Stevens, Garrett" <Garrett.Stevens () BHSU EDU>
Date: Thu, 12 Feb 2015 19:29:49 +0000

Hi Dewight,

We have used tools made available through the Higher Education Information Security Council (HEISC).  The Information 
Security Program Self-Assessment Tool performs calculations for you based on your answers. I think it provides a good 
baseline to build upon. Here are the links to the resources.

http://www.educause.edu/library/resources/information-security-program-assessment-tool
https://spaces.internet2.edu/display/2014infosecurityguide/Home
https://spaces.internet2.edu/display/2014infosecurityguide/Risk+Management+Framework (Four Phase Framework)
Old one found on kansasregents.org, direct download link to an xls: 
https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&cad=rja&uact=8&ved=0CC4QFjAD&url=https%3A%2F%2Fwww.kansasregents.org%2Fresources%2FOther%2F103-RegentsITSecurityFrameworkv1.0.1.xls&ei=M_zcVI_PM8GlyQT204G4Cg&usg=AFQjCNHwAhMRRH_AE6Y3enf3X1Mc7vknpQ&sig2=64ZSzanCN_7blhDbpJvkpw

Good luck!

Garrett

Garrett Stevens  Systems Software Specialist, MCT, MCSE:SI, MCITP:EA/EMA, HP APS
605.642.6069  |  BHSUhelpdesk () BHSU edu

Network & Computer Services @ Black Hills State University






From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dewight 
Fredrick Kramer
Sent: Thursday, February 12, 2015 11:55 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Risk Assessment Tool

Hello,

We are looking for a tool to help us better perform risk assessments. As such, I am reaching out to this listserv to 
see what others are using as a tool. Please share whatever tool you are using. With that said, we are looking for a 
tool that can:

- Offer delegation of all or parts of the survey to others, in a secure way (not one account for everyone to share, which 
  I had a vendor give as an option).
- Roll up the results from the different units into a very general holistic look of a campus.
- Preferably uses ISO 27002-2013 Standard, but can use NIST 800-53 r3/r4
- Easy to get the tool up and going, and a small learning curve to implement.

Thank you,


Dewight F. Kramer
Information Security Consultant
University of California, Davis
One Shields Avenue
Davis, CA 95616
(530)752-1700
dfkramer () ucdavis edu
http://security.ucdavis.edu

