What is Risk Management?
In virtually every aspect of education, research, and administration there is an increased reliance on digital information and the technologies that support it. With this comes an increasing level of responsibility to protect these information assets from accidental or malicious exposure or damage. In light of current and pending federal and state legislation, it is imperative for universities to recognize that information risk management must be part of their strategic and continuity planning.
Self-Assessment Questionnaire
ITS is currently distributing the Information Security Risk and Compliance Self-Assessment Questionnaire for each school, college, campus, and department to complete. Per the UConn ITS-Information Security Office Risk Management Policy, each department is responsible for ensuring that a Risk Assessment is performed every two years. The Risk and Compliance Self-Assessment Questionnaire is NOT an audit. The purpose of the questionnaire is to collect information about systems, services, and data that will inform efforts to continuously strengthen UConn’s information security posture. In addition to identifying institutional security gaps, this questionnaire also assists UConn in maintaining compliance with federal regulations, policies, procedures, and best practices in areas such as FERPA, HIPAA, PII, backups, and incident response.
If you have questions or need support, contact Paul Majkut at paul.majkut@uconn.edu.
Why have a Risk Management Process?
Risk assessments are part of the ongoing risk management process that assigns relative priorities for mitigation plans and implementation. Assessment is a large part of the overall risk management process; many of the steps described in our risk management program focus on it. Risk decisions are made all the time, sometimes without deep consideration, and may even be based upon intuition. A formalized risk management process can uncover risks that were not anticipated, resolve funding conflicts, and help enhance executive buy-in to security improvements.