Cyber Risk Review

What is the Cyber Risk Review?

Cyber Risk Mitigation Responsibilities, IU policy IT-28, ensures that the community works to “vigilantly mitigate cybersecurity risks, maximize physical security for IT systems, and minimize unacceptable risks to IT systems and data from natural disasters (collectively, 'Cyber Risks')".

Each IT unit will have a security analyst assigned to them to assist with IT Governance, Risk, and Policy Compliance.  The security analyst will serve as IT security consultant.  Security analysts will engage IT Managers and IT Pros in regular meetings as part of an ongoing program.  Personalized consultations will help units improve IT security practices, assist with risk assessments, and provide units with risk mitigation recommendations.

Learn more about Cyber Risk Review

IT-28 Inventory Tool instructions

  • Use this as a visual guide to using the IT-28 Inventory Tool

  • Access the IT-28 Inventory Tool

  • Contact it28help@iu.edu to gain access to the IT-28 Inventory Tool.

Download the tool instructions

Help! I have questions

If you have questions concerning IT-28, send an email to it28help@iu.edu.

Resources

IT-28 Inventory Tool

Access the IT-28 Inventory Tool. If you haven't already, contact the UISO (it28help@iu.edu) to gain access to the IT-28 Inventory Tool.

IT-28 tool upload template

Use this template to to update multiple changes to your IT-28 inventory listing. Complete this template and email it to it28help@iu.edu. UISO will import your data from the template. This will not delete existing content.

IT-28 policy

Cyber Risk Mitigation Responsibilities

Information Security & Privacy Program

The Indiana University Information Security & Privacy Program promotes safeguards that adequately protect information but do not impede its appropriate widespread use.

CIS Secure Suite

Center for Internet Security SecureSuite provides resources designed to improve security, including configuration benchmarks, automated configuration assessment tools, and security metrics, as well as security software product certifications.

FAIR methodology

A Methodology for Quantifying and Managing Risk. Factor Analysis of Information Risk (FAIR) is the only international standard quantitative model for cybersecurity and operational risk.

NIST Cybersecurity

National Institute of Standards and Technology Cybersecurity programs seek to enable greater development and application of practical, innovative security technologies and methodologies that enhance the ability to address current and future information security challenges.

NIST Cybersecurity Framework

National Institute of Standards and Technology Cybersecurity Framework provides guidance on how you can assess and improve the ability to prevent, detect and respond to cyberattacks