The state and the university administration require the university to undergo an annual assessment of the university's information resources and measure the risk to those resources. The Information Security Office has developed a process for the university community to define the data stored on the information resources and then evaluate it. The data also provide a way to measure the campus risk profile over time.
The importance of this process was communicated to campus leadership in a March 19, 2007 memo from Brian Roberts, vice president for Information Technology, and Rudolph Green, director of the Office of Institutional Compliance. Each member of the university who is designated as responsible for a system in the NETcontacts database is responsible for participating in the annual risk assessment process. Department heads are responsible for acknowledging the data entered in the system.
Use this site to find the schedule for each year's assessment, training resources, and more information about the process.
Discussion Forum - missing
ISO Glossary - missing
If you need assistance or have feedback, please talk to your technical support contact or send e-mail to firstname.lastname@example.org.