Published on Information Security at UVA (https://security.virginia.edu)

Home > Security Guidance > Compliance > Information Security Risk Management Program

Information Security Risk Management (IS-RM) 2019

Access a PDF of the 2019 IS-RM Assessment by clicking here! [1]

The University of Virginia is committed to preventing incidents that may impact the confidentiality, integrity, and availability of information and IT resources.  In accordance with the Information Security of University Technology Resources [2] policy, all units and departments are required to complete an annual information security risk assessment (IS-RM) to evaluate the effectiveness of their IT security controls within their environments.  

We are in the third year since the risk assessment became an annual requirement.  This year's assessment focuses mostly on asset inventory which is number one in the CIS Top Twenty Critical Controls.

You can receive a copy of the inventory formats being requested below:

 

 

Source URL: https://security.virginia.edu/riskmanagement

Links
[1] https://security.virginia.edu/system/files/netbadge/ISRM2019_Final_v3.pdf
[2] https://uvapolicy.virginia.edu/policy/IRM-004
[3] https://security.virginia.edu/system/files/netbadge/EndpointAssetInventory_2020_templatefinal_v2.xlsx
[4] https://security.virginia.edu/system/files/netbadge/ServerAssetInventory_2020_templatefinal%20%281%29.xlsx