
Creating a Risk-Based Security Strategy
This month EDUCAUSE released their 2018 Top 10 IT Issues in Higher Ed. It comes as no surprise that Information Security topped the list for the third year running. This year EDUCAUSE phrased the #1 IT issue as “Developing a risk-based security strategy that keeps pace with security threats and challenges.”
That leads us to ask: what is a risk-based security strategy, and where does a campus start in creating one? For starters, the authors at EDUCAUSE suggest that campuses “Pick a framework to follow (e.g., the CIS Controls or the NIST Cybersecurity Framework) to set a baseline for where you are and to plan for how to improve within the chosen framework.” Assessing risk is critical both for demonstrating compliance with required standards (e.g., FERPA, GLBA 314.4(b)) and for documenting institution-wide risk over time, which in turn provides a roadmap for addressing risks and maturing the campus security posture.
With the EDUCAUSE Security Professional Conference (SPC) only a few weeks away, we at SaltyCloud have decided to take the next few weeks to focus our blog on the development of a risk-based security strategy in Higher Ed. More specifically, we will focus on the role of risk assessments within a risk-based security strategy, with the goal of driving discussion around several areas pertinent to Higher Ed. Topics will include: Getting Started with an IT Risk Assessment in Higher Ed, What Frameworks to Use, How Risk Assessment Fits into a Broader Risk Management Plan, and How to Use the Output of a Risk Assessment.
Give us your comments, tell us what you want to hear about, and be sure to check back or subscribe for new posts.
More Saltyblog
-
Conducting the GLBA Pre-Audit Assessment
Conducting a GLBA Pre-Audit Assessment will serve as evidence for your auditors and a guide for your institution
-
Everything about the GLBA in Higher Education
Learn everything you need to know about the GLBA in Higher Education with our comprehensive blog post
-
Conducting IT Risk Assessments Quick Guide
IT Risk Assessments are a critical component of any mature security program. Learn how to conduct your own with this quick guide.
-
HECVAT: Building a VRM Process in Higher Ed
Learn how you can leverage the HECVAT to build a robust and efficient Vendor Risk Management (VRM) process across your higher ed institution.