...
Version 2.0 -- October 2008 (see comment below for more information) 
Purpose:
The EDUCAUSE/Internet2 Higher Education Information Security Council (formerly the Security Task ForceHEISC) risk assessment / management framework is intended to provide high-level guidance for an effective cyber-risk assessment and management process for institutions of higher education. It is intended to provide a model process which can be adapted, as needed, for any institution regardless of size, funding model, or culture.
Background and overview:
In virtually every aspect of education, research, and administration there is an increased reliance on digital information and the technologies that support it. With this comes an increasing level of responsibility to protect these information assets from accidental or malicious exposure or damage. In light of current and pending federal and state legislation, it is imperative for universities to recognize that information risk management must be part of their strategic and continuity planning.
...