Abstract
This paper reports on a service learning project that conducted an information security risk assessment in a K12 school corporation. The project team constructed a customized risk assessment process for the selected school corporation. The team evaluated the implementations of the information technology systems, the policies and regulations surrounding the technology and its implementations, and the common procedures adopted for the school corporation’s information technology operations. Although the technical aspect of this project focused on one asset of the school corporation’s information systems, the student database, the school corporation can extend the applied process to other assets as well. This report mainly discusses how threats and vulnerabilities of the systems and the systems’ implementations can be determined, how risks can be quantified, and how recommendations on areas of improvement can be derived. By following the customized risk assessment process, K12 schools and corporations could conduct regular risk assessments on their own.