IT Risk Management

Software bug

The IT Risk Management chapter provides expert guidance and consultation to the University IT community in the effort to continually improve ASU’s security posture. 

The IT Risk Management Program includes: 

  • Identification, vulnerability scanning, and penetration testing of connected network assets and web applications
  • Identification, prioritization, and tracking of asset and web application vulnerabilities
  • Expert guidance and consultation on vulnerability prevention and remediation
  • Analysis and support for University IT risk assessment activities, performance audits, and regulatory compliance reviews
  • Routine and specialized analytics on cybersecurity performance indicators
  • Support for information security training and cybersecurity awareness events
  • Risk reviews for enterprise software integrations.

Developer Resources

Vulnerability resources available to developers and best practice information by platform.

Network Scanning

Monthly scanning schedule and communications for scanning.

Web App Scanning

We are currently offering web application scanning services by request through a ServiceNow ticket. In addition, we have set up a developer...

Third Party Scanning Requirements

Third parties are required to share scanning and pen testing results with ASU. See PO/Contract language Section 17. Often Vendors will require an NDA...

Vulnerability Remediation

Remediation information and redirects. For additional assistance please submit a ServiceNow ticket.

Contact Us

The IT Risk Management chapter offers open office hours on the 1st and 3rd Thursday of each month from 1:30pm to 3:30pm.

For additional support or questions please submit a ServiceNow ticket request. This includes requests to be added to the IT Community Risk slack channel.