Information Security Risk Management and Assessment


Information Security Risk Assessment and Management services provides risk assessment and mitigation recommendations for all instances, uses and handling of University and student-owned information, including individual systems, regulatory and University policy compliance, data handling procedures, as well as performing vulnerability and risk assessments for departments and data managers around all aspects of business process. The Office of Information Security also assists auditors with any type of investigation, audits of department systems, campus wide audits, as well as identification and remediation recommendations for vulnerability identified during investigations.

Examination, assessment and articulation of risk enables University academic and business units to be better informed prior to making decisions around risk acceptance or other disposition of risk. Risk assessment also positions the University to make sound decisions around security investments and future cost-of-consequence avoidance.

This service is available to faculty and staff.

This service can be requested by contacting the Service Desk at 617-373-4357 (HELP) or by e-mailing the Office of Information Security at