Paul Drake
IT Risk Management Associate Director,
University of Notre Dame
From Risk Surveys to Roadmaps: A Practical Engagement Model for Decentralized IT
Thursday, April 30, 2026 | 1:30PM–2:00PM PT | California Ballroom A, Second Floor
Session Type:
Breakout Session
Delivery Format:
Presentation/Panel
Framework-based risk surveys are common in higher education. However, many institutions struggle to turn assessment results into sustained action—especially in decentralized IT environments. Surveys establish a baseline, yet momentum often stalls once the reporting is complete. This session presents a practical engagement model that builds on periodic, framework-based risk surveys (for example, NIST CSF or CIS) and turns them into actionable roadmaps for decentralized IT teams. Rather than stopping at scores, the model uses survey results to guide structured engagement with security liaisons from non-central IT units and internal subject matter experts. Together, they translate framework outcomes into near-term improvements, longer-term priorities, and observable practice changes appropriate to local contexts. A core feature of the model is a feedback loop that benefits both decentralized teams and central IT. Subject matter experts prepare by refining documentation, clarifying services, and aligning processes, while also hearing directly from campus units about operational needs and gaps. Teams revisit survey outcomes over time to demonstrate progress, refine roadmaps, and make growth visible to both local leadership and central risk functions. Attendees will leave with a transferable approach for reducing survey fatigue and using risk assessments as a repeatable mechanism for measurable risk reduction rather than static reporting.
