Cybersecurity Risk Assessments
Cybersecurity Risk Management is the process of identifying, evaluating, treating, and monitoring risks affecting IT resources. Its primary objective is to reduce risks to GW academic, research, and administrative operations and service continuity. Cybersecurity risk assessments offer a standards-based, consistent approach to evaluating potential risks associated with technology solutions and services. GW IT’s cybersecurity risk assessment methodology evaluates security risks and related controls based on external best-practice guidance (e.g., NIST 800-171, NIST 800-53) as well as potential reputational, financial, regulatory compliance, and operational impacts.
Cybersecurity Risk Assessments are required when one or more of the following exist in the system, application, or service being used, developed or procured:
- Transmitting, storing, or processing GW data or information classified as Restricted or Regulated by GW’s Data Classification Levels.
- Interconnecting with GW IT resources including GW enterprise applications (ERP, Active Directory, Financial Systems, etc.).
- Placed in the GW IT data center (including GW managed cloud environments), or involving campus infrastructure components connected to GW IT networks.
- Changes in data processing scope or integrations that add processing, storing, or transmitting of non-public data. This can include desktop computers and software licenses being used for a new activity that includes one of the categories noted above.
Note: Software license purchases or renewals do not require reassessment unless they meet one or more of the bulleted items above.