Tools for assessing cybersecurity risk
IU strives to understand the cybersecurity risk to organizational operations, organizational assets, and individuals. IU conducts various information risk assessments, some of which include:
- Cyber Risk Review to assist with IT-28 Cyber Risk Mitigation Responsibilities
- Third-party assessment (3PA) (required by DM-02 “Disclosing Institutional Information to Third Parties”)
- HIPAA Assessment
Future evolution of information risk assessments
Due to the challenge of ever-increasing legislation, regulations, and risks, the UISO will further empower units / departments to conduct risk assessments. The UISO will continue to establish core methodologies for assessment and provide consulting and training opportunities to assist IU units to mature their information risk assessment capabilities.