University of Connecticut University of UC Title Fallback Connecticut

Risk Management is the process used to identify, analyze, plan and respond to risks within the University's IT environment. This website details and documents risk management processes and guidelines.

ITS is currently distributing the Information Security Risk and Compliance Self-assessment Questionnaire to select IT support and management staff in schools, colleges, campuses, and departments. If you have questions or need support, contact Paul Majkut at or Jason Pufahl at

What is Risk Management?

In virtually every aspect of education, research, and administration there is an increased reliance on digital information and the technologies that support it. With this comes an increasing level of responsibility to protect these information assets from accidental or malicious exposure or damage. In light of current and pending federal and state legislation, it is imperative for universities to recognize that information risk management must be part of their strategic and continuity planning.

Why have a Risk Management Process?

Risk assessments are part of the ongoing risk management process that assigns relative priorities for mitigation plans and implementation. It is a large part of the overall risk management process; many of the steps described in our risk management program focus on the assessment process.  Risk decisions are made all the time, sometimes without deep consideration and may even be based upon intuition. A formalized risk management process can uncover risks that were not anticipated, resolve funding conflicts, and help enhance executive buy-in to security improvements.