4 steps higher ed information security officers can take to manage cyber risk - Brian Kelly and Scott Kannry, Education Dive

The decentralized nature of educational institutions works well for research and learning, but it creates silos from a risk-management perspective. Before CISOs can do anything — for example, create a comprehensive cybersecurity program or implement controls for regulatory compliance — they must first justify their budget requests to a diverse group of stakeholders that perceive and communicate risk in different ways. This requires quantifying risk in a nomenclature that matters to the risk manager as well as to finance, the board of trustees and the provost. This can be achieved by undergoing the following exercise: https://www.educationdive.com/news/4-steps-higher-ed-information-security-officers-can-take-to-manage-cyber-ri/530826/