Although the risk assessment process can be done as a self-assessment, there is a facilitated service available for any Units that would like assistance from the OIT Security Risk and Compliance team.
If interested in this service, please submit a Security Risk and Compliance Service Request and choose “Facilitated Risk Assessment”.
The following is a general outline of the Facilitated Security Risk Assessment experience:

Responsibilities and Expectations during the service include:
OIT Security Risk and Compliance:
- Explain general security policy, standards, requirements, principles, and best practices
- Explain and facilitate the risk assessment processes
- Answer questions about security terminology in plain English
- When possible, help provide templates and examples, and refer people to external domain-specific resources

Customer:
- Read the documentation and training resources provided
- Learn how to apply the general security requirements to your domain/SME
- Don’t wait for perfection to make progress: attempt your best effort, ask questions, use the services that are available, make incremental progress, and report roadblocks
- Don’t mix identifying risk with worrying about how to fix it or who will fix it. Identify -> prioritize -> plan -> remediate, as separate tasks without each influencing the other