Fwd: [External] Re: [SECURITY] Risk Assessment & Register assistance

[Theresa Rowe <rowe () OAKLAND EDU>]

We engaged a Peer Assessment from REN-ISAC.  This worked out very well for
us.  A peer review team visited our campus.  We focused on risk management
and organization.  We added on review of our incident response processes.
The final report came with an action plan that was realistic and targeted
appropriately to higher ed.  I would highly recommend this approach.  I
also found that because the report came from the viewpoint of a peer review
team from other universities, it garnered more positive response from
executives than I originally thought; I think they connected easily because
that process is like accreditation review.

https://www.ren-isac.net/public-resources/pas/index.html


Theresa Rowe
Advisory Chief Information Officer
Oakland University





*From:* "Menne, Michael S" <michael.menne () MNSU EDU>
*Date:* July 25, 2019 at 11:06:01 AM EDT
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* *[External] Re: [SECURITY] Risk Assessment & Register assistance*
*Reply-To:* The EDUCAUSE Security Community Group Listserv <
SECURITY () LISTSERV EDUCAUSE EDU>

This message was sent from a non-IU address. Please exercise caution when
clicking links or opening attachments from external sources.

We haven’t, but are looking into it. I know South Dakota State University
has. They did a presentation at Educause Security this year.



*From:* The EDUCAUSE Security Community Group Listserv <
SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Jim A. Bole
*Sent:* Thursday, July 25, 2019 9:40 AM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* Re: [SECURITY] Risk Assessment & Register assistance



Has anyone used REN-ISAC for a peer assessment?



https://www.ren-isac.net/public-resources/pas/index.html
<https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ren-isac.net%2Fpublic-resources%2Fpas%2Findex.html&data=02%7C01%7Cmichael.menne%40MNSU.EDU%7Caf11133ee2c049dd69c208d7110e06bc%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C636996624260963744&sdata=elHSl1J77%2FWPglssu3pxHhWxCSTsed027n%2Bh9OpbMYs%3D&reserved=0>



Jim Bole

Director of Information Security

*Stevenson University*

1525 Greenspring Valley Road

Stevenson, MD, 21153-0641

jbole () stevenson edu | O: 443-334-2696







*From:* Ashley Penchion <apenchon () XULA EDU>
*Sent:* Wednesday, July 24, 2019 11:49 AM
*Subject:* Risk Assessment & Register assistance



Has anyone used a vendor to perform a risk assessment and create a risk
register? If so, I'd love to get a few vendor names. We're in the market.



Thanks

*Ashley Penchion*

*IT Security Officer, Office of Technology Administration*

*Xavier University of Louisiana*

*o:*

*(504) 520-5410*

*a:*

*1 Drexel Drive,*



*New Orleans, LA 70125*

*w:*

*www.xula.edu/itc
<https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.xula.edu%2Fitc&data=02%7C01%7Cmichael.menne%40MNSU.EDU%7Caf11133ee2c049dd69c208d7110e06bc%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C636996624260963744&sdata=hG6pPR016L20IriTDV2kY%2F1XzPISIT1sG4%2FKsw%2BzUDc%3D&reserved=0>*

*e:*

*apenchon () xula edu <apenchon () xula edu>*



*E-Mail Privacy/FERPA: This communication may contain confidential
information and is intended solely for the use of the addressee. If you
received it in error, please contact the sender at once and delete the
message. This communication may also contain information subject to
restrictions of the Family Educational Rights and Privacy Act (FERPA). Such
information may not be disclosed or used in any fashion outside the scope
of the service for which you are receiving the information.*