This summer, all UA departments are being asked to conduct an information security risk assessment. Risk assessment is a process for identifying, assessing and determining ways to mitigate risks to information and information systems. The risk assessment will help departments select appropriate, cost-effective strategies for securing information assets.
Because risk assessment is an integral aspect of UA’s Information Security Program, it is mandated by the Risk Assessment Standard, http://security.arizona.edu/files/ISS1200.pdf. Recognizing its importance, the Arizona Board of Regents Audit Committee has asked internal audit staff from all three Arizona universities to ensure completion of a risk assessment. Internal Audit will review unit progress.
A successful risk assessment requires the full support of senior management and must involve, at a minimum, the unit’s Information Security Liaison, senior IT administrator and senior financial administrator. The departmental Information Security Liaison will play a critical role in coordinating the entire process.
UA InfoSec’s goal has been to make this process as simple and effective as possible. The assessment team will be assisted by written procedures, forms and a streamlined process. The assessment should be submitted to UA InfoSec by August 31.
Forms, procedures and a video overview are posted at http://security.arizona.edu/risk. For more information, please contact UA InfoSec at iso@u.arizona.edu or 621-UISO (8476).