What is the IT Risk Assessment Process?
The IT Risk Assessment service encompasses two activities that are used to measure and mitigate IT risks across ASU. These activities are governed by the ASU IT Risk Management Standard and conducted by Business Units in collaboration with ET Cybersecurity. This service is aligned with the National Institute of Standards and Technology (NIST) Special Publication 800-39.
The first activity of this service is the Semiannual ASU Risk Assessment, conducted twice a year so that ASU can gauge relative institutional IT risk across a decentralized environment. It shows how each unit contributes to the University’s overall risk exposure based on impact, complexity, and control effectiveness.
The second activity of this service is the management of the ASU Enterprise IT Risk Register. This tool is used by the organization to identify and validate emerging risks that surface through external events or business processes so that they can be mitigated and monitored.
Why Does This Matter?
The IT Risk Assessment Process is a fundamental step in an information security risk management program. Regularly conducting information technology risk assessments enables ASU to identify and mitigate information technology risks that threaten our personnel and assets.
IT Risk Assessment And Risk Register Process

Semiannual Departmental Risk Assessment Cadence

Related guides:
- Risk Register Guide
- Risk Questionnaire Guide
- Risk Response Guide
- Risk Monitoring Guide
- Semiannual Risk Assessment Scoring Methodology