Creating a Risk-Based Security Strategy
This month EDUCAUSE released their 2018 Top 10 IT Issues in Higher Ed. It comes as no surprise that once again Information Security topped the list for the third year running. This year EDUCAUSE phrased the #1 IT issue as “Developing a risk-based security strategy that keeps pace with security threats and challenges.”
That leads us to ask: what is a risk-based security strategy, and where does a campus start in creating one? For starters, the authors at EDUCAUSE suggest that campuses “Pick a framework to follow (e.g., the CIS Controls or the NIST Cybersecurity Framework) to set a baseline for where you are and to plan for how to improve within the chosen framework.” Assessing risk is critical both for demonstrating compliance with required standards (e.g., FERPA, GLBA 314.4(b)) and for documenting institution-wide risk over time, which provides a roadmap for safeguarding against risks and maturing campus security posture.
With the EDUCAUSE Security Professional Conference (SPC) only a few weeks away, we at SaltyCloud have decided to take the next few weeks to focus our blog on the development of a risk-based security strategy in Higher Ed. More specifically, we will focus on the role of risk assessments within a risk-based security strategy, with the goal of driving discussion around several areas pertinent to Higher Ed. Topics will include: Getting Started with an IT Risk Assessment in Higher Ed, What Frameworks to Use, How Risk Assessment Fits into a Broader Risk Management Plan, and How to Use the Output of a Risk Assessment.
Give us your comments, tell us what you want to hear about, and be sure to check back or subscribe for new posts.
IT Risk Assessments are a critical component in a mature security program. That being said, implementing a program from scratch can be a daunting task faced with obstructions from all sides
As you start to focus on the issues discovered during a cybersecurity risk assessment, figuring out how to address them can prove difficult. However, there are a few strategies that can help
Spreadsheets can be a powerful tool for organizing all kinds of things, but they have their limits
In-house and outsourced IT risk assessments both have their advantages and disadvantages. Depending on your institution’s needs, it is important to explore different arrangements