Joanna Grama

Biography

Joanna Lyn Grama, JD, CISSP, CIPP/IT, CRISC, directs the EDUCAUSE Cybersecurity Initiative and the IT GRC (governance, risk, and compliance) program.

Joanna has expertise in law, IT security policy, compliance, and governance activities, as well as data privacy. She is a member of the U.S. Department of Homeland Security's Data Privacy and Integrity Advisory Committee (appointed to the Committee by Secretary Janet Napolitano) and serves as the chairperson of its technology subcommittee. Joanna is also a member of the Information Systems Audit and Control Association (ISACA); the International Association for Privacy Professionals (IAPP); the American Bar Association, Section of Science and Technology Law, Information Security Committee; and the Indiana State Bar Association. Prior to joining EDUCAUSE, Joanna held the position of Information Security Policy and Compliance Director at Purdue University.

Joanna graduated from the University of Illinois College of Law with honors. She is a frequent speaker on a variety of IT security topics, including identity theft, personal information security, and university information security compliance issues. She is also the author of the textbook LEGAL ISSUES IN INFORMATION SECURITY (2nd ed., 2014).

Connect on LinkedIn: http://www.linkedin.com/in/joannagrama

Follow on Twitter: @runforserenity

EDUCAUSE Publications

  • CDS Spotlight: Information Security
    • Briefs, Case Studies, Papers, Reports

    This research bulletin uses data from Modules 1 and 7 of the EDUCAUSE Core Data Service to examine the current state of information security in higher education.

  • Higher Education Information Security Awareness Programs
    • Briefs, Case Studies, Papers, Reports

    In early 2016, the SANS Institute released its second annual SANS Securing The Human report. Based on a survey of 369 information security training and awareness professionals, the research is designed to understand the state of information security training and awareness programs across various industries, including “educational services.”

  • Risk Management Basics
    • Blog

    Risk management is a complex set of activities in which an organization identifies and assesses its risks and then creates a plan for addressing those risks. This article describes the basic activities associated with risk management.

EDUCAUSE Presentations

Memberships

EDUCAUSE Member
ELI Member
ECAR Subscriber

EDUCAUSE Involvement

  • HEISC Security Assessments Working Group
    • Working Group, 2016 - 2019
  • ECAR Research Data Sharing Working Group
    • ECAR, 2016 - 2019
  • Security Professionals Conference 2017 Program Committee
    • PROGRAM, 2016 - 2017
  • Policy Advisory Committee
    • ADVISORY, 2015 - 0001
  • HEISC Mentor and PD Team
    • Working Group, 2015 - 0001