Tools for assessing cybersecurity risk
IU strives to understand the cybersecurity risk to organizational operations, organizational assets, and individuals. IU conducts various information risk assessments, some of which include:
- Cyber Risk Review to assist with IT-28 Cyber Risk Mitigation Responsibilities
- Health Insurance Portability and Accountability Act (HIPAA) Assessment
- Some Software and Services Selection Process (SSSP) requests might trigger a security review if it utilizes Cloud Services that will host or access critical data.
Future evolution of information risk assessments
Due to the challenge of ever-increasing legislation, regulations, and risks, the UISO will further empower units / departments to conduct risk assessments. The UISO will continue to establish core methodologies for assessment and provide consulting and training opportunities to assist IU units to mature their information risk assessment capabilities.