Cyber Risk Review

What is the Cyber Risk Review?

Cyber Risk Mitigation Responsibilities, IU policy IT-28, ensures that the community works to “vigilantly mitigate cybersecurity risks, maximize physical security for IT systems, and minimize unacceptable risks to IT systems and data from natural disasters (collectively, 'Cyber Risks')".

Participating IT units at Indiana University have a UISO security analyst and a security engineer assigned to support the unit's continuous engagement in cyber risk mitigation and to assist with the Cyber Risk Mitigation Responsibilities policy (IT-28).

Learn more about Cyber Risk Review

Help! I have questions

If you have questions concerning IT-28, send an email to uiso@iu.edu.

Resources

IT-28 policy

Cyber Risk Mitigation Responsibilities

Information Security & Privacy Program

The Indiana University Information Security & Privacy Program promotes safeguards that adequately protect information but do not impede its appropriate widespread use.

CIS Secure Suite

Center for Internet Security SecureSuite provides resources designed to improve security, including configuration benchmarks, automated configuration assessment tools, and security metrics, as well as security software product certifications.

FAIR methodology

A Methodology for Quantifying and Managing Risk. Factor Analysis of Information Risk (FAIR) is the only international standard quantitative model for cybersecurity and operational risk.

NIST Cybersecurity

National Institute of Standards and Technology Cybersecurity programs seek to enable greater development and application of practical, innovative security technologies and methodologies that enhance the ability to address current and future information security challenges.

NIST Cybersecurity Framework

National Institute of Standards and Technology Cybersecurity Framework provides guidance on how you can assess and improve the ability to prevent, detect and respond to cyberattacks