Educause Security Discussion mailing list archives

Re: Risk Assessment & Register assistance

From: "Casanova, Jodi" <Jodi.Casanova () NORTHERN EDU>
Date: Thu, 25 Jul 2019 20:01:51 +0000

I would be interested as well, Mairead. ☺  Our sister university, South Dakota State University, engaged REN-ISAC so I 
am familiar with their experience, but would love to hear other examples.

Thank you!

Jodi Casanova
Chief IT Security Officer
Director of Networking/Technical Services
Northern State University

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Mairéad Martin
Sent: Thursday, July 25, 2019 2:50 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Risk Assessment & Register assistance

Great! Will send you details for the call too.

And when you’re ready to talk to REN-ISAC directly, the person to talk to there is Susan Coleman (colemans () iu 
edu<mailto:colemans () iu edu>).

Mairéad

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> on behalf of Beth Albertson <albertb3 () WWU EDU<mailto:albertb3 () WWU EDU>>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>>
Date: Thursday, July 25, 2019 at 1:44 PM
To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE 
EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: Re: [SECURITY] Risk Assessment & Register assistance

We at Western Washington University also need a security assessment engagement, and would be interested in hearing the 
details.

Sincerely,

Beth Albertson, CISSP®, PMP®
Director of Information Security
Western Washington University
beth.albertson () wwu edu<mailto:beth.albertson () wwu edu>
(360) 650-4472


Sincerely,

Beth Albertson, CISSP®, PMP®
Director of Information Security
Western Washington University
beth.albertson () wwu edu<mailto:beth.albertson () wwu edu>
(360) 650-4472

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Mairéad Martin
Sent: Thursday, July 25, 2019 11:05 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Risk Assessment & Register assistance

Most certainly, Michael. I’ll host a call next week to chat.

Mairéad

From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> on behalf of "Menne, Michael S" <michael.menne () MNSU EDU<mailto:michael.menne () MNSU EDU>>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>>
Date: Thursday, July 25, 2019 at 9:23 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE 
EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: Re: [SECURITY] Risk Assessment & Register assistance

I’d be interested in hearing the details of the engagement as well if you wouldn’t mind. We are looking at it as well 
as one of our sister institutions.


Michael Menne, CISSP
Chief Information Security Officer
IT Solutions Information Security
Minnesota State University, Mankato
Phone:  (507) 389-5705

Shop Safe Online. Learn 
More.<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Flink.mnsu.edu%2Fshopsafeonline&data=02%7C01%7C%7C6200a4a5055c444fe51c08d71138772a%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C636996806604447167&sdata=bd%2BHdKaF1S7oF1%2Fqsw4mRAQiU73LM7yIPLu3BVrHX4c%3D&reserved=0>

[cid:image001.png@01D341A0.236300E0]

Confidentiality Notice: This e-mail message, including any attachments, is for the sole use of the intended 
recipient(s) and may contain confidential and privileged information.  Any unauthorized review, use, disclosure or 
distribution is prohibited.  If you are not the intended recipient, please contact the sender by reply e-mail and 
destroy all copies of the original message.



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> On Behalf Of Mairéad Martin
Sent: Thursday, July 25, 2019 10:10 AM
To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>
Subject: Re: [SECURITY] Risk Assessment & Register assistance

Jim,

We have here at EDUCAUSE, specifically to work on our Security Incident Response plan, and it was a very valuable 
engagement. Happy to share the details.

Mairéad Martin
Chief Information Officer

EDUCAUSE<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu%2F&data=02%7C01%7C%7C6200a4a5055c444fe51c08d71138772a%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C636996806604457162&sdata=Bok1Xmt9sTdDnEyPQw2V0TbBlErVGzDv8XN1yosu6qw%3D&reserved=0>
Uncommon Thinking for the Common Good
282 Century Place, Suite 5000  Louisville, CO 80027
direct: 303-939-0318 | main: 303.449.4430 | 
educause.edu<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu%2F&data=02%7C01%7C%7C6200a4a5055c444fe51c08d71138772a%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C636996806604467157&sdata=S7C%2FcJkZgIuyJ%2FloFlS%2BEFa6xURV0CDBIzi4lKAzF2I%3D&reserved=0>

Become a Member
Everyone at your organization is an EDUCAUSE member when you join
Discover 
membership<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.educause.edu%2Fabout%2Fdiscover-membership&data=02%7C01%7C%7C6200a4a5055c444fe51c08d71138772a%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C636996806604477159&sdata=XWgKVpX6DXbIhFFB0WKDd6XXSktbH6G2VDnHGFojWMo%3D&reserved=0>
 – benefits include event discounts, a vast library of resources, and valuable peer networks



From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>> on behalf of "Jim A. Bole" <jbole () STEVENSON EDU<mailto:jbole () STEVENSON EDU>>
Reply-To: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV 
EDUCAUSE EDU>>
Date: Thursday, July 25, 2019 at 8:40 AM
To: "SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>" <SECURITY () LISTSERV EDUCAUSE 
EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU>>
Subject: Re: [SECURITY] Risk Assessment & Register assistance

Has anyone used REN-ISAC for a peer assessment?

https://www.ren-isac.net/public-resources/pas/index.html<https://nam03.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ren-isac.net%2Fpublic-resources%2Fpas%2Findex.html&data=02%7C01%7C%7C6200a4a5055c444fe51c08d71138772a%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C636996806604477159&sdata=sDIZ8M5Kvsp5JXE7NQueLYRRGmy0fEtjOVlAglK4V%2Fc%3D&reserved=0>

Jim Bole
Director of Information Security
Stevenson University
1525 Greenspring Valley Road
Stevenson, MD, 21153-0641
jbole () stevenson edu<mailto:jbole () stevenson edu> | O: 443-334-2696



From: Ashley Penchion <apenchon () XULA EDU<mailto:apenchon () XULA EDU>>
Sent: Wednesday, July 24, 2019 11:49 AM
Subject: Risk Assessment & Register assistance

Has anyone used a vendor to perform a risk assessment and create a risk register? If so, I'd love to get a few vendor 
names. We're in the market.

Thanks
[Image removed by sender.]
Ashley Penchion
IT Security Officer, Office of Technology Administration
Xavier University of Louisiana
o:
(504) 520-5410
a:
1 Drexel Drive,

New Orleans, LA 70125
w:
www.xula.edu/itc<https://nam03.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.xula.edu%2Fitc&data=02%7C01%7C%7C6200a4a5055c444fe51c08d71138772a%7Cdd4b037fe626495db0170cc0f7dddb37%7C0%7C0%7C636996806604487154&sdata=%2BUE0HxHJmYk4ckSDHsSNyKfiW%2B0fHdyYo%2BelhKegRvs%3D&reserved=0>
e:
apenchon () xula edu<mailto:apenchon () xula edu>

E-Mail Privacy/FERPA: This communication may contain confidential information and is intended solely for the use of the 
addressee. If you received it in error, please contact the sender at once and delete the message. This communication 
may also contain information subject to restrictions of the Family Educational Rights and Privacy Act (FERPA). Such 
information may not be disclosed or used in any fashion outside the scope of the service for which you are receiving 
the information.

Current thread:

Re: [BULK] [SECURITY] Risk Assessment & Register assistance, (continued)
- Re: [BULK] [SECURITY] Risk Assessment & Register assistance Curt Kappenman (Jul 24)
- Re: Risk Assessment & Register assistance Lee Weers (Jul 24)
- Re: Risk Assessment & Register assistance Jim A. Bole (Jul 25)
  - Re: Risk Assessment & Register assistance Menne, Michael S (Jul 25)
    - Message not available
    - Fwd: [External] Re: [SECURITY] Risk Assessment & Register assistance Theresa Rowe (Jul 25)
- Re: Risk Assessment & Register assistance Mairéad Martin (Jul 25)
  - Re: Risk Assessment & Register assistance Menne, Michael S (Jul 25)
    - Re: Risk Assessment & Register assistance Mairéad Martin (Jul 25)
    - Re: Risk Assessment & Register assistance Beth Albertson (Jul 25)
    - Re: Risk Assessment & Register assistance Mairéad Martin (Jul 25)
    - Re: Risk Assessment & Register assistance Casanova, Jodi (Jul 25)
    - Re: Risk Assessment & Register assistance Bingdong Li (Jul 25)
- Re: Risk Assessment & Register assistance Valerie Vogel (Jul 25)