Risk Assessment Services
The Information Security Office offers departments a range of information security assessments based on the National Institute of Standards and Technology (NIST) framework and industry best practices to help you identify and prioritize risks to university information, devices, and systems. This includes but is not limited to:
- OHIO Technology Reviews
- Technology reviews are required for all information technology, communication technology or software purchases/renewals, including "free" services and services developed in house.
- Vulnerability assessments
- General recommendations for reducing information technology risk to an acceptable level.
How to Request
To request a risk assessment, email firstname.lastname@example.org with the following information:
- Department name
- Brief description of the services the department provides.
- Description of the data types the department processes (i.e. FERPA, Student Loan Data, PCI data, Research Data, PHI, etc.).
- Are you subject to any compliance requirements (i.e. HIPAA, ITAR, GLBA, PCI-DSS, etc.)?
- Main contact within the department to facilitate the risk assessment.
- Approximate number of employees.
- Approximate number of workstations and number of individual or unit that provides desktop management.
- List of systems the department uses and indicate if any are centrally managed.
As part of a risk assessment, a department may be asked to complete a risk assessment form.