Events

CampusConnect 2026

Annapolis, Maryland

Moving from Spreadsheets to Scalable, Strategic Risk Management Programs

11:50 am - 12:10 pm CDT

EDUCAUSE Symposium | Risk Management: Identifying, Understanding, and Mitigating Cybersecurity and Privacy Risks

Moving from Spreadsheets to Scalable, Strategic Risk Management Programs

Most organizations don’t struggle with knowing risks exist—they struggle with organizing, prioritizing, and acting on them consistently. Risks are often tracked in spreadsheets owned by no one and disconnected from controls and compliance requirements.

As institutions face increasingly complex cybersecurity and privacy challenges, effective risk management has become essential to protecting organizational missions, ensuring compliance, and sustaining operational resilience. This session demonstrates how a Governance, Risk, and Compliance (GRC) platform can serve as a powerful tool for building a structured, repeatable, and data-driven risk management program.

Presenters will review how they took their program from endless spreadsheets into practical workflows within a central GRC environment, tracking risk identification, impact, analysis, and mitigation. Participants will also learn how Virginia State University is now able to connect technical cybersecurity risks to broader institutional and strategic goals through automated executive-level dashboards and reporting. Identified risks such as phishing attacks, outdated legacy systems and inventories, third-party vendor oversight, and the use of personal devices are categorized, assigned inherent and residual risk levels, and mapped directly to cybersecurity standard framework controls.

Finally, the session will outline strategies for shifting from reactive, ad-hoc risk management practices to proactive, continuous monitoring.

Speakers:

• Tabitha Rhodes, Director of IT Governance, Risk & Compliance, Virginia State University
• Katie Johnson, Manager, AVP Product and Senior Manager, Operations Support, CampusGuard