General Security Risk Assessments and Consultations

Summary

Security consultations help teams understand the risks of data management, how security controls should be implemented to adhere to compliance and risk requirements, and how to choose the appropriate IT infrastructure for a project.

Body

Overview

A security consultation is a discussion between your team and Pitt IT Security with the goal of helping your team understand the risks of processing, storing, and transmitting University data. During a consultation, Pitt IT Security will ask questions to develop a risk profile, such as:

  • What type of data is involved?
  • Where will the data be processed, stored, and transmitted?
  • Are there any contractual or regulatory security requirements?

The goal of the risk assessment is to identify the security controls that adequately protect your data. Based on the risk profile of the project, Pitt IT Security will recommend appropriate data-protection controls, which may address access, configuration, auditing, training, communications protection, media protection, and information integrity.

 

When does a project need a security consultation?

Security consultations help teams understand the risks of data management, how security controls should be implemented to adhere to compliance and risk requirements, and how to choose the appropriate IT infrastructure for a project. Pitt IT recommends you request a consultation any time your team is:

  • Classifying data (learn more about data classifications)
  • Considering options for IT infrastructure security controls
  • Reviewing security regulations
  • Evaluating compliance requirements

 

Departmental IT Risk Assessments

University departments should perform formal risk assessments of their operations on an annual basis. Performing risk assessments is a collaborative process involving the operational and IT areas of the department.

The IT risk assessment process should include identifying, classifying, and documenting the following:

  • Departmental IT risks
  • Systems, applications, and data types
  • Risk mitigation steps and status

During Departmental IT Audits, the University’s Internal Audit team may request to review the Department’s current risk assessment document. To assist Departments with this process, Pitt IT Security developed the Departmental Risk Assessments Tool, which can be downloaded here.

 

Details

Article ID: 577
Created: Fri 12/8/23 8:55 AM
Modified: Thu 6/13/24 11:03 AM

Related Services / Offerings

SECURITY CONSULTING AND EDUCATION: Pitt IT Security will recommend appropriate data-protection controls through security consultation and risk assessments.