Re: University-Wide Risk Assessment

[Shirley Payne <payne () VIRGINIA EDU>]

Information on the University of Virginia's risk management program is
available at http://www.itc.virginia.edu/security/riskmanagement.


Shirley Payne
Director for Security & Policy
University of Virginia
(434) 924-4165

Alex Campoe wrote:
> One thing that Connie Sadler from Brown University mentioned recently
made me curious. We are about to embark on an attempt to perform a
University-wide risk assessment program and we're trying to figure out
how to go about doing it. Our environment is pretty large and decentralized.
>
> The questions are many, but I would like to know how other
Universities approach the issue. Do you send out surveys, or is the RA
done personally? How detailed are the questions? Do you cover both
technical and procedural issues? Do you base the questions on existing
policies? Who answers the questions? Individual techs or heads of
departments? What method do you use? Electronic? Web based? Written and
signed?
>
> Thanks
>
>


Alex Campoe wrote:
> One thing that Connie Sadler from Brown University mentioned recently
> made me curious. We are about to embark on an attempt to perform a
> University-wide risk assessment program and we're trying to figure out
> how to go about doing it. Our environment is pretty large and
> decentralized.
>
> The questions are many, but I would like to know how other Universities
> approach the issue. Do you send out surveys, or is the RA done
> personally? How detailed are the questions? Do you cover both technical
> and procedural issues? Do you base the questions on existing policies?
> Who answers the questions? Individual techs or heads of departments?
> What method do you use? Electronic? Web based? Written and signed?
>
> Thanks