Educause Security Discussion mailing list archives

Re: Information Security Risk Assessment Process/Tools

From: "Barton, Robert W." <bartonrt () LEWISU EDU>
Date: Thu, 7 Feb 2019 17:31:46 +0000

OK...we have done a small risk assessment here (qualitative).  It was targeting known trouble areas (identified by 
Networking, directors, and with a little C-suite input).  I did most of the collection, and work to do so.  We do not 
have group doing it.  We have changed our IT governance, and our data governance model here, so I hope that risk is 
something that will get more time in the coming months/years.

I do have one more hope for a 'group' to work on the issue; since we are a Lasallian Catholic University, I have 
counterparts in other states.  I'm hoping I can drum up support for my model.  

Robert W. Barton
Executive Director of Information Security and Policy
Lewis University
One University Parkway
Romeoville, IL  60446-2200
815-836-5663


-----Original Message-----
From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> On Behalf Of Caston Thomas
Sent: Thursday, February 7, 2019 6:57 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Information Security Risk Assessment Process/Tools

I worked with this assessment process during the beta rollout.  Not sure where it stands today.  The founder of the 
company was formerly the Chief Security Architect for the Department of Homeland Security, and the assessment process 
was developed in concert with MIT for the DHS.
http://www.preventbreach.com/services/

I believe this assessment process is available to any education institution, regardless of where you're located...
https://www.michigan.gov/documents/cybersecurity/cysafe_flyer_SOM3_468548_7.pdf

Caston Thomas
cthomas iworkstech.com

This message (including any attachments) is intended only for
the use of the individual or entity to which it is addressed and
may contain information that is non-public, proprietary,
privileged, confidential, and exempt from disclosure under
applicable law or may constitute as attorney work product.
If you are not the intended recipient, you are hereby notified
that any use, dissemination, distribution, or copying of this
communication is strictly prohibited. If you have received this
communication in error, notify us immediately by telephone at (815)-836-5950 and
(i) destroy this message if a facsimile or (ii) delete this message
immediately if this is an electronic communication.

Thank you.

Current thread:

Information Security Risk Assessment Process/Tools Casanova, Jodi (Feb 06)
- <Possible follow-ups>
- Re: Information Security Risk Assessment Process/Tools Valerie Vogel (Feb 06)
- Re: Information Security Risk Assessment Process/Tools Caston Thomas (Feb 07)
  - Re: Information Security Risk Assessment Process/Tools Barton, Robert W. (Feb 07)
    - Re: Information Security Risk Assessment Process/Tools Richard Phung (Feb 07)
    - Re: Information Security Risk Assessment Process/Tools Hagan, Sean (Feb 07)
    - Re: Information Security Risk Assessment Process/Tools Barnes, William (Feb 07)
    - Re: Information Security Risk Assessment Process/Tools Penn, Blake C (Feb 07)
    - Re: Information Security Risk Assessment Process/Tools Casanova, Jodi (Feb 07)
    - Re: Information Security Risk Assessment Process/Tools Penn, Blake C (Feb 08)