IT Risk Registry

["Barton, Robert W." <bartonrt () LEWISU EDU>]

Morning,

With the risk registries you keep for your University/College, do you have an all-encompassing registry (no matter the 
level of risk, it is on there) or do you have a minimum level of risk for an item to be on the registry (maybe cost 
$5000/incident or require 10/personnel hours to fix)?  Do you maybe keep two registries; private to 'IT' (maybe the 
all-encompassing) and then one for leadership ('minimum risk level met' and simplified)?  Do you do a quantitative 
and/or qualitative registry?  If quantitative, what method do you use (I've seen a few methods, but nothing that didn't 
seem like 'art')?

Robert W. Barton
Executive Director of Information Security and Policy
Lewis University
One University Parkway
Romeoville, IL  60446-2200
815-836-5663


This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone at (815)-836-5950 and
(i) destroy this message if a facsimile or (ii) delete this message
immediately if this is an electronic communication.

Thank you.

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community