Skip to Content

UCONN RISK ASSESSMENT PROCESS – INSTRUCTIONS

Last Revised: March 26, 2008

The University has become more sensitive to the security of its computing resources and has implemented a new set of policies that includes requirements for performing assessments of security risks for each department that uses University computing resources. (See Electronic Data Security Management policy.)

A Security Risk Assessment is the process of identifying and measuring the factors that could negatively affect the security of information technology resources.

As the primary provider of computing resources to the UCONN community, UITS has tried to provide leadership and advice to other departments who will be performing these assessments.

The Risk Assessment process offered here takes into account the following considerations: Depending on the outcome of this risk assessment, your department/unit may need to carry out a more complete Risk Assessment.

Risk Assessment Process Steps:

  • Hold an assessment kickoff session. Include in the session individuals (Assessment Team) who together are knowledgeable in all of the business within your unit and all of the IT equipment and computing resources, and data stores used within your unit. At the Kickoff Session, you will:
  • Distribute documents: Inventory and Description template; IT Security Risk Assessment template.
  • Familiarize everyone, who will be involved, with the assessment process.
  • Complete the Inventory and Description document.  (Note: You may wish to reference the Common Information Systems Assets reference document to aid in completing the Inventory and Description document.)
  • Download and complete the IT Security Risk Assessment.
  • Continue to the Business Continuity Plan (optional)

    03.27.2008:ldg