Search Information Security site


Main menu

Information Security Risk Management (IS-RM) 2019

Access a PDF of the 2019 IS-RM Assessment by clicking here!

The University of Virginia is committed to preventing incidents that may impact the confidentiality, integrity, and availability of information and IT resources.  In accordance with the Information Security of University Technology Resources policy, all units and departments are required to complete an annual information security risk assessment (IS-RM) to evaluate the effectiveness of their IT security controls within their environments.  

We are in the third year since the risk assessment became an annual requirement.  This year's assessment focuses mostly on asset inventory which is number one in the CIS Top Twenty Critical Controls.

You can receive a copy of the inventory formats being requested below:



Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security office will evaluate the report and provide a full investigation if appropriate.

Complete Report Form