
At Risk? Take the IT Risk Assessment


Boards of Directors and leadership are asking IT and data questions related to risk. How at risk are we? Where are we the weakest? What is an acceptable level of IT risk? This presentation was a working session presented by Shaun Holloway at the ASAE TEC Conference in Washington, DC on December 4, 2019. The Risk Assessment was completed with audience members for them to begin taking steps toward remediation. http://www.srholloway.com



  1. At Risk? Take the IT Risk Assessment. @ShaunHolloway, Association of College and University Housing Officers – International
  2. Our Time Together: 10 - Assessment Tool Overview; 25 - Complete the IT Risk Assessment; 10 – Results Discussion and Actionable Next Steps; Questions and Assistance
  3. Assessment Tool: Created in 2016; Used with the Board of Directors in 2016 and 2019 assessments; Needed a way to identify areas of risk that were actionable
  4. Reputable Instrument: Educause IT Risk Register; U.S. National Institute of Standards and Technology Guide for Conducting Risk Assessment; U.S. Government Accountability Office InfoSec risk assessment matrices
  5. Assessment Framework: 36 risk statements (34 defined by the Educause IT Risk Register; 2 added by ACUHO-I for direct user-based scenarios). 11 IT Domains: Management of IT; IT Support Services; Educational Technology Services; Research Computing Services; Data Centers; Communications Infrastructure; Enterprise Infrastructure and Services; Information Security; Identity Management; Systems and Applications; Business Continuity
  6. Assessment Framework: 6 Functional Areas: Compliance; Financial; System Service; Operational; Reputational; Strategic
  7. Assessment Scoring
  8. Assessment Scoring:
     • Undesirable (1.0 – 0.8): Effort is needed to address the risk statement and understand the current situation and factors that are contributing to the situation.
     • Reviewable (0.7 – 0.4): A discretionary review by management is needed to determine whether the level of risk is acceptable or if the risk statement is undesirable.
     • Acceptable (0.3 – 0.0): Risk statement is deemed to be in a state that does not need to be reviewed by management.
  9. RISK ASSESSMENT TIME: Access the IT Risk Assessment Tool
  10. RESULTS DISCUSSION: ACUHO-I’s Findings
  11. Data Analysis - 2016 v 2019 [charts; legend: Undesirable 1.0 - 0.8, Reviewable 0.7 - 0.4, Acceptable 0.3 - 0.0]
  12. Functional Area Analysis [charts; functional areas: Compliance, Financial, System Service, Operational, Reputational, Strategic; legend: Undesirable (n=2), Reviewable (n=7), Acceptable (n=27)]
  13. Service Area Analysis [chart; legend: Undesirable (n=2), Reviewable (n=7), Acceptable (n=27)]
  14. Data Suggests [chart: Risk Statement Distribution, 2019 and 2016; categories: Undesirable 1.0 - 0.8, Reviewable 0.7 - 0.4, Acceptable 0.3 - 0.0]
  15. Rationale Contributions: Apply human interpretations; Evaluation team discussion outcomes; Focus on the UNDESIRABLES; Define next steps
  16. At Risk? Take the IT Risk Assessment. @ShaunHolloway, Association of College and University Housing Officers – International
