EDUCAUSE IT Risk Register Recently Revised

[Valerie Vogel <vvogel () EDUCAUSE EDU>]

Greetings,

The IT Risk Register created by the EDUCAUSE IT Governance, Risk, and Compliance program has been recently revised and 
republished. The newest addition to the risk register is a qualitative risk assessment template for assessing the risks 
listed in the register. The risks listed can be assessed according to three measures:

  *   Likelihood:  How likely it is for the risk to be realized?
  *   Impact: What is the impact to the institution if the risk is realized?
  *   Velocity:  What is the speed with which the institution will feel the impact if the risk is realized (also 
considered an impact time horizon)?

The product of these three measures can be used to help institutions prioritize their risk response activities. Higher 
scores correlate to a risk that may be more important for an institution to address. The risk assessment template also 
uses color (red = high; yellow = medium; green = low) to indicate higher scores for ease of viewing.

You can find the latest IT Risk Register here: https://library.educause.edu/resources/2015/10/it-risk-register

Brought to You by the EDUCAUSE IT Governance, Risk, and Compliance Program
The risk register and the member advisory council that created it are part of the EDUCAUSE IT Governance, Risk, and 
Compliance program. The program provides resources that help IT professionals define and implement IT GRC activities on 
their campuses. Learn more and view additional resources at www.educause.edu/it-grc<http://www.educause.edu/it-grc>

Please feel free to share this note with others as needed.

Thank you,
Valerie

Valerie Vogel Program Manager, Cybersecurity

EDUCAUSE
Uncommon Thinking for the Common Good
direct: 202.331.5374 | main: 202.872.4200 | twitter: @HEISCouncil | educause.edu<http://www.educause.edu/>