Educause Security Discussion mailing list archives
Fwd: [External] Re: [SECURITY] Risk Assessment & Register assistance
From: Theresa Rowe <rowe () OAKLAND EDU>
Date: Thu, 25 Jul 2019 13:33:19 -0400
We engaged a Peer Assessment from REN-ISAC. This worked out very well for us. A peer review team visited our campus. We focused on risk management and organization. We added on review of our incident response processes. The final report came with an action plan that was realistic and targeted appropriately to higher ed. I would highly recommend this approach. I also found that because the report came from the viewpoint of a peer review team from other universities, it garnered more positive response from executives than I originally thought; I think they connected easily because that process is like accreditation review. https://www.ren-isac.net/public-resources/pas/index.html Theresa Rowe Advisory Chief Information Officer Oakland University *From:* "Menne, Michael S" <michael.menne () MNSU EDU> *Date:* July 25, 2019 at 11:06:01 AM EDT *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* *[External] Re: [SECURITY] Risk Assessment & Register assistance* *Reply-To:* The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> This message was sent from a non-IU address. Please exercise caution when clicking links or opening attachments from external sources. We haven’t, but are looking into it. I know South Dakota State University has. They did a presentation at Educause Security this year. *From:* The EDUCAUSE Security Community Group Listserv < SECURITY () LISTSERV EDUCAUSE EDU> *On Behalf Of *Jim A. Bole *Sent:* Thursday, July 25, 2019 9:40 AM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* Re: [SECURITY] Risk Assessment & Register assistance Has anyone used REN-ISAC for a peer assessment? https://www.ren-isac.net/public-resources/pas/index.html <https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ren-isac.net%2Fpublic-resources%2Fpas%2Findex.html&data=02%7C01%7Cmichael.menne%40MNSU.EDU%7Caf11133ee2c049dd69c208d7110e06bc%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C636996624260963744&sdata=elHSl1J77%2FWPglssu3pxHhWxCSTsed027n%2Bh9OpbMYs%3D&reserved=0> Jim Bole Director of Information Security *Stevenson University* 1525 Greenspring Valley Road Stevenson, MD, 21153-0641 jbole () stevenson edu | O: 443-334-2696 *From:* Ashley Penchion <apenchon () XULA EDU> *Sent:* Wednesday, July 24, 2019 11:49 AM *Subject:* Risk Assessment & Register assistance Has anyone used a vendor to perform a risk assessment and create a risk register? If so, I'd love to get a few vendor names. We're in the market. Thanks *Ashley Penchion* *IT Security Officer, Office of Technology Administration* *Xavier University of Louisiana* *o:* *(504) 520-5410* *a:* *1 Drexel Drive,* *New Orleans, LA 70125* *w:* *www.xula.edu/itc <https://nam02.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.xula.edu%2Fitc&data=02%7C01%7Cmichael.menne%40MNSU.EDU%7Caf11133ee2c049dd69c208d7110e06bc%7C5011c7c60ab446ab9ef4fae74a921a7f%7C0%7C0%7C636996624260963744&sdata=hG6pPR016L20IriTDV2kY%2F1XzPISIT1sG4%2FKsw%2BzUDc%3D&reserved=0>* *e:* *apenchon () xula edu <apenchon () xula edu>* *E-Mail Privacy/FERPA: This communication may contain confidential information and is intended solely for the use of the addressee. If you received it in error, please contact the sender at once and delete the message. This communication may also contain information subject to restrictions of the Family Educational Rights and Privacy Act (FERPA). Such information may not be disclosed or used in any fashion outside the scope of the service for which you are receiving the information.*
Current thread:
- Risk Assessment & Register assistance Ashley Penchion (Jul 24)
- Re: Risk Assessment & Register assistance Casanova, Jodi (Jul 24)
- Re: Risk Assessment & Register assistance Ray Phillips (Jul 24)
- Re: Risk Assessment & Register assistance Chad Tracy (Jul 24)
- Re: [BULK] [SECURITY] Risk Assessment & Register assistance Curt Kappenman (Jul 24)
- Re: Risk Assessment & Register assistance Lee Weers (Jul 24)
- <Possible follow-ups>
- Re: Risk Assessment & Register assistance Jim A. Bole (Jul 25)
- Re: Risk Assessment & Register assistance Menne, Michael S (Jul 25)
- Message not available
- Fwd: [External] Re: [SECURITY] Risk Assessment & Register assistance Theresa Rowe (Jul 25)
- Re: Risk Assessment & Register assistance Menne, Michael S (Jul 25)
- Re: Risk Assessment & Register assistance Mairéad Martin (Jul 25)
- Re: Risk Assessment & Register assistance Menne, Michael S (Jul 25)
- Re: Risk Assessment & Register assistance Mairéad Martin (Jul 25)
- Re: Risk Assessment & Register assistance Beth Albertson (Jul 25)
- Re: Risk Assessment & Register assistance Mairéad Martin (Jul 25)
- Re: Risk Assessment & Register assistance Casanova, Jodi (Jul 25)
- Re: Risk Assessment & Register assistance Bingdong Li (Jul 25)
- Re: Risk Assessment & Register assistance Menne, Michael S (Jul 25)