The CU-Boulder IT Security Office has developed a risk management framework and risk assessment service to meet campus needs in identifying and mitigating IT related risk. The risk management framework is intended to facilitate periodic, department level IT risk assessments, providing consistent definitions, processes and reports. This will allow departments, and the campus as a whole, to better understand IT related risk and develop both focused and broad steps to address that risk. This framework is designed with existing and draft policies in mind to provide a minimal cost risk assessment option for departments.
This document is the primary description of the CU-Boulder IT risk management framework and should be reviewed by management and technology leads. The IT Security Office is happy to meet with departments to discuss risk assessment and management before an assessment, or at any other time.