The System Risk Assessment cycle is a process that not only identifies the risks associated with our information systems and the measures in place to reduce risks to an acceptable level, but it helps us identify the roles and the people involved in the stewardship of the data that resides on our information systems. System Owners must compete or review their System Risk Assessment annually. Completing the System Risk Assessment is important in today's advanced and complex technological environment in which we work. It is important that Data Owners and System Owners understand what risks exist in their information assets environment, and how those risks can be reduced or even eliminated.
The Information Security Office has identified some common risks, and put together a process and templates for System Owners to use in their efforts. System Owners are encouraged to review those common risks to see which might apply to their specific environment. They should then review their own surroundings to determine what specific risks exist for inclusion into the process.