Security Consultation and Risk Assessments

Tags Faculty Staff

A security consultation is a discussion between your team and Pitt IT Security with the goal of helping your team understand the risks of processing, storing, and transmitting University data.

The goal of the risk assessment is to identify the security controls that adequately protect your data. Based on the risk profile of the project, Pitt IT Security will recommend appropriate data-protection controls, which may address access, configuration, auditing, training, communications protection, media protection, and information integrity.

 

About This Service

Key Features

  • Identification of Vulnerabilities: Security consulting and risk assessments can help to identify vulnerabilities in an organization's information security posture. This information can be used to prioritize remediation efforts and improve the overall security of the organization.
  • Mitigation of Risks: By identifying and prioritizing vulnerabilities, organizations can take appropriate steps to mitigate the risks associated with those vulnerabilities. This can help to reduce the likelihood and impact of security incidents.
  • Compliance: Security consulting and risk assessments can help organizations ensure compliance with relevant regulations and industry standards. This is particularly important for organizations that handle sensitive data or have regulatory obligations.
  • Better Decision Making: Security consulting and risk assessments provide valuable information that can be used to make more informed decisions about information security. This information can be used to evaluate the risks associated with different security strategies and select the most appropriate approach for the organization.
  • Protection of Reputation: A data breach or other security incident can damage an organization's reputation and undermine stakeholder confidence. By engaging in security consulting and risk assessments, organizations can take steps to mitigate the risk of such incidents and protect their reputation.

Getting and Using This Service

How do I request this service?

Submit a ticket by clicking the Request Help button on the upper right hand corner of this page.

Who can use this service?

Faculty, Staff

Support

How do I get help?

Submit a ticket by clicking the Request Help button on the upper right hand corner of this page.

 
Request Help

Related Articles (8)

Security consultations are helpful to understand the risks of data management, how security controls should be implemented to adhere to compliance and risk requirements, and to assist choosing the appropriate IT infrastructure for a project.
A security consultation is a discussion between your team and Pitt IT Security with the goal of helping your team understand the risks of processing, storing, and transmitting University data. During a consultation, Pitt IT Security will ask questions to develop a risk profile, such as:
The questionnaire provides Pitt IT Information Security with the information to understand the product or services that the vendor will provide to the University. It also defines the assessment scope, identifies the University’s potential risk, and collects the vendor’s contact information.
Here are some items that must be done to properly secure University research data and intellectual property.
A system security plan is a formal document that provides an overview of a system's security requirements and describes the security controls in place (or planned) for meeting those requirements. System security plans are helpful because they are a documented guide for implementing adequate security controls based on compliance requirements, such as the HIPAA security rule or any risk associated with the data.
The primary function of security architecture is to design, document, and communicate the components of a security program in a consistent manner. As such, the primary outcome of security architecture is a well-defined strategy that connects business drivers with technical implementation guidance.
Any University unit that collects credit card information must have security controls in place that comply with the Payment Card Industry Data Security Standard ("PCI").
The University's information security policies and procedures

Details

Service ID: 74
Created
Wed 5/24/23 5:59 PM
Modified
Mon 9/23/24 2:34 PM