UCOP Risk Assessment

The Office of the President conducted a risk assessment of the security controls for protected information subject to the Gramm-Leach-Bliley (G-L-B) Safeguarding Rule.* The analysis included evaluation of risks for both electronic and paper-based applications.

 

UCOP Risk Assessment Methodology

 

1. Identification of department/function to be reviewed
2. Determination of processes through which the assets pass
3. Identification of the procedure or storage action taken on each asset
4. Identification of the risks associated with the procedures or storage actions, or with the destruction of data prior to disposal of equipment
5. Identification of the control activities
6. Evaluation of the effectiveness of the controls
7. Identification of corrective actions

The risk assessment tool provided here may be adapted as required.

 

*For more information on this assessment, contact either Karl Heins, director of IT Audit Services, or Dan Sampson, director of Financial Control & Accountability.