EDUCAUSE | Security Task Force Announcements and Security Risk Assessment and Analysis

Security Task Force 2008–2009 Strategic Plan: "Safeguarding Our IT Assets, Protecting Our Community's Privacy"

vvogel — Mon, 08 Sep 2008 11:57:45 -0500

The EDUCAUSE/Internet2 Computer and Network Security Task Force 2008-2009 Strategic Plan is now available online. The Security Task Force (STF) has adopted the theme of "Safeguarding Our IT Assets, Protecting Our Community's Privacy" for 2008-2009. The STF strategic planning process aims to anticipate higher education security issues, enabling campuses to forge joint efforts and solutions and recognizing that security challenges continue to evolve in our digital information world.

The following goals have been identified for 2008-2009 to help focus working group priorities in the near term (12-18 months):

Obtain Executive Commitment and Action
Manage Data to Enhance Privacy and Security Protections
Develop and Promote Effective Practices and Solutions
Explore New Tools and Technologies
Establish and Promote Information-Sharing Mechanisms

Contact us for additional information about the Security Task Force and its activites, as well as STF volunteer opportunities.

New Risk Assessment Resources Available

vvogel — Fri, 14 Mar 2008 11:57:10 -0500

The Security Task Force Risk Assessment Working Group wishes to inform higher education information security practioners of a few recent resource updates which are now available from the Risk Management section of the IT Security Guide.

The Information Security Risk Assessment Consultants list provides a listing of vendors known to have conducted some form of IS risk assessment for at least one higher education institution. The only way a vendor can get onto this list is to be placed there by an EDUCAUSE member institution that has engaged the consultant. Each entry on this list provides a link to the institution which has provided the vendor reference. The list can be a starting place for schools that are seeking a consultant; referencing institutions may be willing to provide additional information about the vendor and the consulting engagement when asked.

The list of Risk Assessment Tools provides links to various tools which can aid with a risk assessment. The tools are a mix of some sold or licensed by vendors, some provided by colleague institutions, and some from associations or standards groups.

The existing PDF version of the Information Security Governance (ISG) Self Assessment Tool for Higher Education has been enhanced by the addition of a Microsoft Excel version which (1) separates each section onto individual worksheets for increased flexibility of analysis and entry and (2) provides for automatic summarization on the separate scoring worksheet.

We hope you find this information useful. If you are able to provide additional information or references for the Risk Assessment Consultants list or the Risk Assessment Tools list, please send an e-mail to the Security Task Force.

Business Continuity Planning at George Mason University

vvogel — Wed, 13 Sep 2006 14:02:23 -0500

Learn more about George Mason University's executive enterprise risk management approach in the September 2006 University Business article, "Business Continuity Planning", by Joy R. Hughes (Security Task Force Co-Chair), et al.

CIFAC Project Final Report (Vol. 2) Released

vvogel — Fri, 18 Aug 2006 18:20:36 -0500

The Computer Incident Factor Analysis and Categorization (CIFAC) Project Final Report, Volume II: Corporate and Not-for-Profit Sample is now available online.

Risk Assessment Framework

vvogel — Mon, 09 Jan 2006 12:47:00 -0600

The EDUCAUSE/Internet2 Security Task Force Risk Assessment Working Group has released the Risk Assessment Framework, which provides a high-level overview of assessing information systems within higher education.

View additional Security Risk Assessment and Analysis resources available in the EDUCAUSE Resource Center.