Security Risk Management

EDUCAUSE Comments: Updated Concerns About Proposed CIRCIA Regulations

Thu, 31 Jul 2025 20:06:53 Z

EDUCAUSE sent a letter to the acting director of CISA in June 2025 that highlights the concerns that we raised about the proposed CIRCIA regulations in 2024 and discusses how Trump administration directives reinforce our conclusion that higher education institutions should not be considered covered entities under the final rules, whenever they are released.

Frequently Asked Questions about Cyber Insurance

Fri, 16 May 2025 12:14:00 Z

This document contains advice intended for general information only. To learn how cyber insurance applies to your institution, please contact your institution’s risk management office or chief information officer.

2025 EDUCAUSE Horizon Report | Teaching and Learning Edition

Wed, 30 Apr 2025 16:49:40 Z

The 2025 EDUCAUSE Horizon Report profiles key trends and emerging technologies and practices shaping the future of teaching and learning, and envisions a number of scenarios and implications for that future.

2025 EDUCAUSE Horizon Action Plan: Supporting Agency, Trust, Transparency, and Involvement

Thu, 13 Mar 2025 17:09:12 Z

This report describes how advancing the future of higher education cybersecurity and privacy will be done by supporting agency, trust, transparency, and involvement among stakeholders.

2024 EDUCAUSE Horizon Report | Cybersecurity and Privacy Edition

Tue, 24 Sep 2024 16:46:52 Z

The 2024 EDUCAUSE Horizon Report profiles key trends and emerging technologies and practices shaping the future of cybersecurity and privacy, and envisions a number of scenarios and implications for that future.

Abstract: Business Continuity and Disaster Recovery Toolkit

Thu, 15 Aug 2024 19:34:16 Z

Use the guidance and templates in this toolkit to prepare for disruptive events before they happen.

EDUCAUSE Comments: Possible NSF Development of a Research Security and Integrity Information Sharing and Analysis Organization (RSI-ISAO)

Fri, 30 Jun 2023 14:17:03 Z

EDUCAUSE provided a response to the National Science Foundation (NSF) on June 27, 2023, regarding its request for comments on the possible development of a research security and integrity information sharing and analysis organization (RSI-ISAO).

EDUCAUSE Comments: NIST Research Cybersecurity Resource Development

Fri, 30 Jun 2023 13:57:19 Z

On June 27, 2023, EDUCAUSE submitted a cover letter and comments to the National Institute of Standards and Technology (NIST) in response to its request for input on the resources that it could develop to support research cybersecurity at colleges and universities.

NIST SP 800-171 Toolkit

Wed, 14 Sep 2022 16:00:01 Z

In this toolkit, you will find an overview of NIST SP 800-171 and its implications for higher education, questions to ask during project planning, 7 Things You Should Know About CMMC to use when speaking with stakeholders and leadership, and a customizable control evaluation.

7 Things You Should Know About Cybersecurity Maturity Model Certification (CMMC)

Thu, 15 Sep 2022 16:31:19 Z

The Cybersecurity Maturity Model Certification (CMMC) is a set of policies and practices that address the protection of federal Controlled Unclassified Information (CUI) data through administrative, physical, and technical controls.

Arctic EWS Research Paper

Mon, 08 Nov 2021 19:07:53 Z

This is a joint research project of Arctic Security and EDUCAUSE, The goal was to establish the utility of external cybersecurity monitoring for higher education, and to identify services that could be made easily accessible and boost the cyber defenses of the association’s members.

Higher Education Regulated Research Workshop Series: A Collective Perspective

Mon, 12 Jul 2021 19:03:31 Z

After an eight month effort concluding in June of 2021, 155 participants from 84 research institutions from across the United States gathered in six facilitated, NSF-sponsored workshop sessions to determine if coming together as a community could improve the support of individual programs to secure regulated data in research involving the Department of Defense or health sciences.

7 Things You Should Know About Endpoint Detection and Response

Tue, 25 May 2021 16:55:56 Z

Endpoint detection and response (EDR) is the process of monitoring endpoint activity in real time, looking for digital threats and implementing measures to halt and remediate those threats.

Learning and Teaching Reimagined: A New Dawn for Higher Education?

Thu, 05 Nov 2020 16:31:22 Z

This JISC report is the result of a five-month higher education initiative to understand the response to COVID-19 and explore the future of digital learning and teaching.

Higher Education Research, Cybersecurity, and CMMC Compliance

Fri, 07 Aug 2020 16:03:53 Z

This brief, a joint effort on the part of EDUCAUSE and PreVeil, was written to clarify the Department of Defense’s (DoD) new Cybersecurity Maturity Model Certification (CMMC) framework and to guide your institution on its journey to CMMC compliance.

Report on Remote Assessment Procedures

Fri, 01 May 2020 20:31:31 Z

Campus Security Awareness Blogs, 2019

Thu, 30 Jan 2020 21:02:31 Z

These 12 EDUCAUSE Review Security Matters column blog posts are part of the 2019 Campus Security Awareness Campaign.

EDUCAUSE Comments: Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Reporting Requirements

Mon, 01 Jul 2024 19:51:43 Z

On July 1, 2024, EDUCAUSE joined with the American Association of Collegiate Registrars and Admissions Officers (AACRAO), the Association of American Universities (AAU), the Association of Governing Boards of Universities and Colleges (AGB), the Association of Public and Land-grant Universities (APLU), and the National Association of Independent Colleges and Universities (NAICU) to submit comments regarding the reporting requirements proposed by the Cybersecurity and Infrastructure Security Agency (CISA) under the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA).

Effective Cybersecurity for Research

Mon, 20 Jun 2022 22:01:43 Z

This paper describes an approach to cybersecurity for research that is showing great promise in breaking the security versus research impasse. A product of years of effort at Indiana University, it focuses exclusively on the researcher and the research mission, reduces the cybersecurity and compliance burden on the researcher, and aims to secure all research.

InfoSec Leadership Survey 2016

Tue, 03 May 2016 17:08:31 Z

This survey seeks to understand skills required of information security leaders in higher education.