UCI Information Security Risk Assessment Questionnaire
What is this tool?
This tool allows you to answer the question, "Am I doing enough to secure my system?"
At a minimum, use the 20 controls as a benchmark. For higher risk systems, use the detailed control guidance to ensure a robust and thorough analysis of security meaures.
Reviews and Audits
We've been told that there is inconsistency in both the security review and internal audit process. This tool helps standardize the process so there will be no surprises.
While each data security compliance framework, such as PCI or FISMA or HIPAA, will always have independent requirements, our philosophy is security is more effective when it is holistic and based on our actual risk. We have a unified approach that we map back to the compliance requirements as much as possible.
This tool also standardizes the approach for assessing the security posture of our information vendors. Also, anyone familiar with the requirements can review the answers.