Foundations for Effective Security Risk and Program Assessment

Tuesday, April 13 | 2:00PM–3:00PM | International B (6th floor)
Session Type: Professional Development
How does an institution assess the risks and effectiveness of something as multifaceted and complex as its risk management and information security programs? An assessment methodology must be valid, reliable, transparent, and defensible. Results should be reported in a consistent format so program strengths and weaknesses are easily identified. Join two universities from Texas to hear how they implemented security-risk and security-program assessment. In this session, the underlying principles of these two programs will be explained so attendees can adapt the methodology to meet the specific needs of their institutions.

Presenters

  • Lori McElroy

  • Lewis Watkins

Resources & Downloads

Action Plan Template
129 KB, PDF
Uploaded on 05/25/2010
Information Security Program Index Chart
39 KB, PDF
Uploaded on 04/28/2010
Information Security Program Index – FAQ
26 KB, PDF
Uploaded on 04/27/2010
Information Security Program Index Scoring ...
143 KB, PDF
Uploaded on 04/27/2010
Session Presentation Slides
379 KB, Powerpoint Slides
Uploaded on 04/15/2010
ISO Mapping Matrix
366 KB, PDF
Uploaded on 04/15/2010
HIPAA Checklist
532 KB, PDF
Uploaded on 04/15/2010
Action Plan Memo Template
63 KB, PDF
Uploaded on 04/15/2010