Re: HEISC Comparators

["Shamblin, Quinn" <qrs () BU EDU>]

That would be great, Joanna.  We did participate, but I have been having trouble downloading the data, but if I can get 
it and it maps clearly, that would be very helpful.  Thanks!

Should we set up a call to walk through it or is it straightforward enough to discuss via email?

Best,

Quinn R Shamblin                                                  .
Executive Director of Information Security, Boston University

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joanna 
Grama
Sent: Monday, March 02, 2015 11:26 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] HEISC Comparators

Hi Quinn,

This year portions of the HEISC information security assessment tool were incorporated into the EDUCAUSE Core Data 
Survey (CDS) in the information security module (M7).  If Boston University completed module 7 of CDS, then you can 
benchmark information security maturity against peer institutions by using CDS data.  The data that you are looking for 
is in Question 5 and I can provide you with a cross walk between the HEISC tool and the CDS question set if it is 
helpful.

You can access CDS data at: http://www.educause.edu/research-and-publications/research/core-data-service
(click on compare and access data)

Please let me know if you have any questions.

Regards,
Joanna


Joanna Grama, JD, CISSP, CRISC, CIPT
Director of DRA Operations, IT GRC and Cybersecurity Programs
Data, Research, and Analytics
EDUCAUSE
Uncommon Thinking for the Common Good
282 Century Place, Suite 5000, Louisville, CO 80027
direct: 720.406.6769 | main: 303.449.4430 | fax: 303.440.0461 | educause.edu<http://www.educause.edu/>




From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Shamblin, Quinn
Sent: Monday, March 2, 2015 11:02 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: [SECURITY] HEISC Comparators

Hi All,

We are working on an in-depth security assessment at BU and one of the tools we used was the EDUCAUSE HEISC security 
assessment tool.  I am looking to get a few comparators results to average for benchmarking purposes.

Have any of you completed a HEISC?  Would you be willing to share your high-level summary numbers for each major 
heading?  (Risk Management: 3.2, Policy: 4.5, or whatever your numbers were...)

Any data you give me will be de-identified and aggregated with the results of others before being used.  They will be 
used to provide context in internal conversations with BU governance and or trustees.

If you are willing to share, please contact me off list.  I am happy to share our numbers in return.
(Remember this list can be read by others, so don't post any numbers here directly.)

Best,

Quinn R Shamblin                                                  .
Executive Director of Information Security, Boston University
CISM, CISSP, ITIL  (Previously GCFA, PMP)
Office: 617-358-6310    Mobile: 617-999-7523
Contact me securely: https://securecontact.me/qrs () bu edu