The purpose of Security Risk Assessment Services is to help the University of Louisville community identify, evaluate, and mitigate risks to information systems, data and operations. These services support compliance with institutional, state and federal security policies, and help departments proactively address vulnerabilities and threats to protect university assets.
Overview of Service
Security risk assessments are coordinated by ITS Enterprise Security. The team provides consulting, tools, and expertise to assess risks for systems, applications and processes. Services include formal risk assessments, vulnerability scans, recommendations for remediation, and support for compliance with regulatory frameworks (such as HIPAA, FERPA, PCI, GLBA, Export Controls, and KRS 61.931-934).
Key Features:
- Formal risk assessments for university systems, applications, and processes
- Vulnerability scanning and analysis
- Recommendations for risk mitigation and remediation
- Support for compliance with institutional and regulatory requirements
- Consulting for risk management strategies and best practices
- Coordination with the University Integrity and Compliance Office
Benefits:
- Early identification and mitigation of security risks
- Improved compliance with security policies and regulations
- Enhanced protection of university data and systems
- Informed decision-making for technology investments and process changes
- Support for a culture of accountability and security
Intended Audience:
Faculty, staff, departmental administrators and IT professionals responsible for managing university systems, data or processes.
Service Details
-
Core Activities:
- Conduct risk assessments and vulnerability scans
- Provide consulting and recommendations for risk mitigation
- Assist with compliance documentation and audit preparation
- Facilitate reporting of risks, incidents, or non-compliance
- Respond to risk-related inquiries and support remediation efforts
-
Associated Platforms:
ITS Helpdesk, online risk assessment request forms, vulnerability management tools, Information Security Policies and Procedures library
-
Performance Metrics:
- Number of risk assessments and vulnerability scans completed
- Timeliness of response to assessment requests and findings
- User satisfaction and feedback
- Reduction in identified risks and vulnerabilities
-
Collaboration:
Managed by ITS Enterprise Security in partnership with the University Integrity and Compliance Office and departmental leadership.
Boundaries and Constraints
- Risk assessments are prioritized based on system criticality and regulatory requirements.
- Remediation recommendations may require departmental resources or approvals.
- Some assessments may require access to sensitive data or systems.
- Non-compliance or unaddressed risks may result in disciplinary action or regulatory penalties.