Educause Security Discussion mailing list archives
Re: Information Security Risk Assessment Process/Tools
From: "Barton, Robert W." <bartonrt () LEWISU EDU>
Date: Thu, 7 Feb 2019 17:31:46 +0000
OK...we have done a small risk assessment here (qualitative). It was targeting known trouble areas (identified by Networking, directors, and with a little C-suite input). I did most of the collection, and work to do so. We do not have group doing it. We have changed our IT governance, and our data governance model here, so I hope that risk is something that will get more time in the coming months/years. I do have one more hope for a 'group' to work on the issue; since we are a Lasallian Catholic University, I have counterparts in other states. I'm hoping I can drum up support for my model. Robert W. Barton Executive Director of Information Security and Policy Lewis University One University Parkway Romeoville, ILĀ 60446-2200 815-836-5663 -----Original Message----- From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Caston Thomas Sent: Thursday, February 7, 2019 6:57 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Information Security Risk Assessment Process/Tools I worked with this assessment process during the beta rollout. Not sure where it stands today. The founder of the company was formerly the Chief Security Architect for the Department of Homeland Security, and the assessment process was developed in concert with MIT for the DHS. http://www.preventbreach.com/services/ I believe this assessment process is available to any education institution, regardless of where you're located... https://www.michigan.gov/documents/cybersecurity/cysafe_flyer_SOM3_468548_7.pdf Caston Thomas cthomas iworkstech.com This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone at (815)-836-5950 and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you.
Current thread:
- Information Security Risk Assessment Process/Tools Casanova, Jodi (Feb 06)
- <Possible follow-ups>
- Re: Information Security Risk Assessment Process/Tools Valerie Vogel (Feb 06)
- Re: Information Security Risk Assessment Process/Tools Caston Thomas (Feb 07)
- Re: Information Security Risk Assessment Process/Tools Barton, Robert W. (Feb 07)
- Re: Information Security Risk Assessment Process/Tools Richard Phung (Feb 07)
- Re: Information Security Risk Assessment Process/Tools Hagan, Sean (Feb 07)
- Re: Information Security Risk Assessment Process/Tools Barnes, William (Feb 07)
- Re: Information Security Risk Assessment Process/Tools Penn, Blake C (Feb 07)
- Re: Information Security Risk Assessment Process/Tools Casanova, Jodi (Feb 07)
- Re: Information Security Risk Assessment Process/Tools Penn, Blake C (Feb 08)
- Re: Information Security Risk Assessment Process/Tools Barton, Robert W. (Feb 07)