Educause Security Discussion mailing list archives
Re: Risk Assessment Tool
From: "Stevens, Garrett" <Garrett.Stevens () BHSU EDU>
Date: Thu, 12 Feb 2015 19:29:49 +0000
Hi Dewight, We have used tools made available through the Higher Education Information Security Council (HEISC). The Information Security Program Self-Assessment Tool performs calculations for you based on your answers. I think it provides a good baseline to build upon. Here are the links to the resources. http://www.educause.edu/library/resources/information-security-program-assessment-tool https://spaces.internet2.edu/display/2014infosecurityguide/Home https://spaces.internet2.edu/display/2014infosecurityguide/Risk+Management+Framework (Four Phase Framework) Old one found on kansasregents.org, direct download link to an xls: https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=4&cad=rja&uact=8&ved=0CC4QFjAD&url=https%3A%2F%2Fwww.kansasregents.org%2Fresources%2FOther%2F103-RegentsITSecurityFrameworkv1.0.1.xls&ei=M_zcVI_PM8GlyQT204G4Cg&usg=AFQjCNHwAhMRRH_AE6Y3enf3X1Mc7vknpQ&sig2=64ZSzanCN_7blhDbpJvkpw Good luck! Garrett Garrett Stevens Systems Software Specialist, MCT, MCSE:SI, MCITP:EA/EMA, HP APS 605.642.6069 | BHSUhelpdesk () BHSU edu<mailto:bhsuhelpdesk () bhsu edu> [Description: Description: facebook-logo.png]<http://www.facebook.com/BHSU.NCS> Network & Computer Services @ Black Hills State University From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dewight Fredrick Kramer Sent: Thursday, February 12, 2015 11:55 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Risk Assessment Tool Hello, We are looking for a tool to help us better perform risk assessments As such, I am reaching out to this list serve to see what others are using as a tool. Please share what ever tool you are using, with that said we are looking for a tool that can: Offer delegation of all or parts of the survey to others, in a secure way (not one account for everyone to share, which I had a vendor give as an option). Roll up the results from the different units into a very general holistic look of a campus. Preferably uses ISO 27002-2013 Standard, but can use NIST 800-53 r3/r4 Easy to get the tool up and going, and a small learning curve to implement. Thank you, Dewight F. Kramer Information Security Consultant University of California, Davis One Shields Avenue Davis, CA 95616 (530)752-1700 dfkramer () ucdavis edu<mailto:dfkramer () ucdavis edu> http://security.ucdavis.edu
Current thread:
- Risk Assessment Tool Dewight Fredrick Kramer (Feb 12)
- Re: Risk Assessment Tool Stevens, Garrett (Feb 12)
- Re: Risk Assessment Tool Cam Beasley (Feb 12)
- <Possible follow-ups>
- Risk Assessment Tool Stevens, Garrett (Feb 12)