Merri Beth Lavagnino

Chief Risk Officer

Contact Information

Merri Beth Lavagnino has 30 years of experience working in higher education in medium and large universities, both public and private, and a regional consortium. She has worked in a variety of roles including support staff, faculty, and administrator; and in many disciplines including libraries, information technology, learning technology, security, policy, privacy, compliance, and risk.

Recent Presentations

  • "Enterprise Risk Management Panel," Institute of Internal Auditors, Indianapolis Chapter, October 2013
  • "Is There a Tool for That? Tools Supporting Privacy Programs," IAPP Indianapolis KnowledgeNet, May 2013
  • "Managing Information Privacy Risk: A Multi-Institutional Panel Discussion," EDUCAUSE Security Professionals Conference, April 2013
  • "Privacy Officers Around the Virtual Water Cooler," EDUCAUSE Data Privacy Month Webinar, January 2013
  • "Is There a Tool for That? Tools Supporting Privacy Programs," Indiana Security and Privacy Network (INSPN), November 2012
  • "Building an Information and IT Compliance Program," EDUCAUSE Security Professionals Conference, May 2012
  • "Governance, Risk, and Compliance (GRC) Systems in Higher Education," EDUCAUSE Security Professionals Conference, May 2012
  • "Launch of Data Privacy Month in Higher Education," EDUCAUSE Live!, January 2012
  • "Prepare to Come About: What to Do When Privacy Goes Adrift," Burton Group Catalyst North America Conference, July 2010
  • "Treating IT Incidents Within an All-Hazards Approach," Institute for Computer Policy and Law, July 2010
  • "Pioneering Information Privacy in Higher Education," CACR Higher Education Cybersecurity Summit, March 2010
  • "Expert Discussion: Legal and Compliance Issues," EDUCAUSE Annual Conference (Online Only), November 2009
  • "Web Site Privacy and Security: Is Your Site Working Against You?," Indiana University <eduDEV> Conference, October 2009
  • "Supporting, Managing, and Protecting an Organization’s Data Assets," CA Data Management Roundtable, July 2009
  • "Managing Sensitive Data in an Academic Environment," Technology in Business Schools Roundtable (TBSr) Conference, June 2009
  • "Policy and Privacy," EDUCAUSE Advanced CAMP: Registering, Discovering, and Using Distributed Services in Academia, June 2008
  • "Data Privacy and Security: Some Considerations for University Purchasing Departments," National Association of Educational Procurement, Indiana Regional Conference, October 2007
  • "Dialogue: Does the Cornell Policy Process Play in Peoria?," EDUCAUSE Annual Conference, October 2007
  • "Revising Existing IT Policies: Tales from the Trenches," Institute for Computer Policy and Law, July 2007
  • "Policy Issues for Incident Detection and Vulnerability Scanning," Institute for Computer Policy and Law, July 2007
  • "Incident Response at Indiana University," Big 10 Audit Conference, June 2007
  • "Preparing for Data Protection Laws: How to Earn an A+ from Your Attorney General," EDUCAUSE Security Professional's Conference, April 2007
  • "Sensitive Data Exposure Risks & Response," Association for Financial Professionals of Indiana, March 2007
  • "Responding to Sensitive Data Exposures at Indiana University," Indiana School of Business Information Management Affiliates, November 2006
  • "Exposing Students to Legal Downloading Services," ACUTA Annual Conference, July 2005
  • "Streamlining IP Registrant Identification, Notification, and Blocking for Threats in the Wild," EDUCAUSE Security Professionals Workshop, April 2005

Recent Publications

Recent Professional and Service Activities

Recent Honors and Awards