Joanna Grama


Joanna Lyn Grama, JD, CISSP, CIPT, CRISC, directs the EDUCAUSE Cybersecurity Initiative and the IT GRC (governance, risk, and compliance) program. Joanna has expertise in law, IT security policy, compliance, and governance activities, as well as data privacy.

She is a member of the U.S. Department of Homeland Security's Data Privacy and Integrity Advisory Committee (appointed to Committee by Secretary Janet Napolitano) and serves as the chairperson of its technology subcommittee. Joanna is also a member of the Information Systems Audit and Control Association (ISACA); the International Association for Privacy Professionals (IAPP); the American Bar Association, Section of Science and Technology Law, Information Security Committee; and the Indiana State Bar Association. Joanna graduated from the University of Illinois College of Law with honors. She is a frequent speaker on a variety of IT security topics, including identity theft, personal information security, and university information security compliance issues. She is also the author of the textbook, LEGAL ISSUES IN INFORMATION SECURITY (2 ed, 2014).

Connect on LinkedIn:

Follow on Twitter: @runforserenity

EDUCAUSE Publications

  • Searching for a Smoking Gun, Chasing a Silver Bullet: Data Breaches in Higher Education
    • Briefs, Case Studies, Papers, Reports

    The EDUCAUSE Center for Analysis and Research (ECAR) published its first look at data breaches in higher education in 2014. Our current research looks at whether any factors increase or decrease the likelihood of a higher education data breach. Is there a smoking gun, something found in every higher education data breach? And, conversely, is there a silver bullet—a control or controls that higher education institutions can employ to prevent data breaches?

EDUCAUSE Presentations


ELI Member
ECAR Subscriber

EDUCAUSE Involvement

  • ECAR IT Accessibility Working Group
    • ECAR, 2017 - 0001
  • Security Professionals Conference 2018 Program Committee
    • PROGRAM, 2017 - 0001
  • HEISC Security Assessments Working Group
    • Working Group, 2017 - 0001
  • HEISC Security Assessments Working Group
    • Working Group, 2016 - 2019
  • ECAR Research Data Sharing Working Group
    • ECAR, 2016 - 2019