2016 IT Risk Assessment

The following is additional information to assist in completing the 2016 IT Risk Assessment Survey:

1.  Are you measuring customer satisfaction with IT in your department/unit? 

Please indicate if you are using any method (e.g. surveys, follow-up calls with customers) to assess satisfaction with IT services in your department/unit.

2.  Have you reviewed and addressed known vulnerabilities for highly critical web applications? 

Use the URL on the survey to view the 2016 High and Medium Web Application Criticality list. These applications are scanned regularly and vulnerability reports are sent to the department for action.

2017 High-Medium Criticality Apps

3.  Do you have a process in place to assess whether an existing web application is critical?

The ASU Web Application Security Standard provides information on criticality ratings.  UTO.asu.edu/policy  

4.  Is your business continuity plan up to date?

Business continuity plans should be reviewed at least annually for accuracy.

5.  Is your business continuity plan loaded into the ASUReady tool?

Use the URL on the survey to access ASUReady.    https://us.ready.kuali.co/asu

6.  Does your business continuity plan include updated security and availability incident response plans in ASUReady?

The ASU Incident Response Standard is available as an example if your department needs a model to work from.  UTO.asu.edu/policy 

7.  Identify the timing of your incident response testing.

Incident response plans should be tested at least annually and updated accordingly. 

8.  What percentage of your department has completed security awareness training this fiscal year? 

Use the URL in the survey to view the ASU Staff Training dashboard.  From there, select “Information Security Training.”  You can drill down into each department to view the individuals who have not yet completed the training.   https://webapp6.asu.edu/corda/dashboards/ASUStaffTraining/main.dashxml

More information on Information Security Awareness Training.

9.  Does your department leverage a tool for managing employees' laptops or other endpoint devices? (e.g. SCCM or Casper Suite, the ASU enterprise solutions)

Your technical support team should know what tool(s), if any, are used in managing endpoint devices.  

10.  What percentage of employees with endpoint devices are managed with the tool(s) listed in #9?

If a tool is used, indicate to what level it has been implemented. This information will be used to build a workstation compliance dashboard.  We will be following up after the risk assessment to collect additional detail for this dashboard.