{"id":1088,"date":"2026-05-29T09:25:27","date_gmt":"2026-05-29T14:25:27","guid":{"rendered":"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/?page_id=1088"},"modified":"2026-06-05T13:37:51","modified_gmt":"2026-06-05T18:37:51","slug":"information-security-risk-assessment-process","status":"publish","type":"page","link":"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/information-security-risk-assessment-process\/","title":{"rendered":"Information Security Risk Assessment Process"},"content":{"rendered":"    <section class=\"cc--component-container cc--hero-basic bg-image  hero-basic\">\n\n<div class=\"c--component c--hero-basic\">\n                <div class=\"background-image hero-bg-image \" style=\"background-image: url(https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/wp-content\/uploads\/sites\/104\/2026\/05\/cybersecurity-risk-assessment-process.jpg);\" aria-label=\"Image Description\">\n            <div class=\"f--image--hidden\">\n\t\t\t\t<div class=\"f--field f--image \">                <img decoding=\"async\" src=\"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/wp-content\/uploads\/sites\/104\/2026\/05\/cybersecurity-risk-assessment-process.jpg\" alt=\"\">\n\t\t\t<\/div><!-- f--field f--image -->\n            <\/div>\n        <\/div>\n\t\n<div class=\"outer-wrapper\">\n    <div class=\"inner-wrapper\">\n        <div class=\"text-container\">\n            <div class=\"text-wrapper\">\n\t\t\t\t<div class=\"f--field f--page-title \"><h1>Information Security Risk Assessment Process<\/h1>\n\n<\/div><!-- f--field f--page-title -->\n\t\t\t\t<div class=\"f--field f--text \"><\/div><!-- f--field f--text -->\n            <\/div>\n        <\/div>\n    <\/div>\n<\/div>\n\n\n<\/div><!-- c--component c--hero-basic -->\n\n    <\/section><!-- cc--component-container cc--section -->\n\n\n    <section class=\"cc--component-container cc--enhanced-cards  enhanced-cards color-white\">\n\n<div class=\"c--component c--enhanced-cards\">\n        \n\n\n\n\n\n    <div class=\"enhanced-cards-bg-img-container  color-white\" style=\"; background-size: cover; background-repeat: no-repeat; position: relative; z-index:1;\">\n\n        <div class=\"enhanced-cards\" style=\"grid-template-columns: repeat(3, minmax(0, 1fr));\">\n\n            <div class=\"title-description\">\n                \n                                    <div class=\"description\">\n                        <p style=\"text-align: center;\">This process ensures that all risk decisions remain focused on what matters most to the university\u2019s mission and compliance responsibilities.<\/p>\n                    <\/div>\n                \n            <\/div>\n\n                                            <div class=\"before-title enhanced-card color-white visual-content-icon text-align-center\" style=\"align-items:center;\">\n                                                                        <div style=\"margin-bottom: 16px\">\n                                <i style=\"color: #cc0033\" class=\"fa-classic fa-regular fa-square-1 xlarge\"><\/i>\n                            <\/div>\n                                            \n                    \n                                        <div class=\"content-wrapper\" style=\"\">\n\n                                                    <div data-mh=\"c--enhanced-cards--title\" class=\"title-container\" style=\"justify-content: center;\">\n                                                                <div class=\"title-icon-container\">\n                                                                                                                                            <\/div>\n                                                                                            <h3>\n                                                                                                                                                <\/h3>\n                            <\/div>\n                        \n                        \n\n                        <div class=\"content\" data-mh=\"c--enhanced-cards--content\" style=\"width:100%\">\n                            <p style=\"text-align: center;\"><strong>Data classification and asset valuation<\/strong><br \/>\nThe <strong>data classification and asset valuation<\/strong> phase evaluates projects against the university\u2019s information classification levels and assigns an asset value based on data sensitivity and regulatory requirements. This foundation ensures that all risk decisions remain focused on what matters most to the university\u2019s mission and compliance responsibilities.<\/p>\n                        <\/div>\n\n                                            <\/div>\n\n                                    <\/div>\n                                            <div class=\"before-title enhanced-card color-white visual-content-icon text-align-center\" style=\"align-items:center;\">\n                                                                        <div style=\"margin-bottom: 16px\">\n                                <i style=\"color: #cc0033\" class=\"fa-classic fa-regular fa-square-2 xlarge\"><\/i>\n                            <\/div>\n                                            \n                    \n                                        <div class=\"content-wrapper\" style=\"\">\n\n                                                    <div data-mh=\"c--enhanced-cards--title\" class=\"title-container\" style=\"justify-content: center;\">\n                                                                <div class=\"title-icon-container\">\n                                                                                                                                            <\/div>\n                                                                                            <h3>\n                                                                                                                                                <\/h3>\n                            <\/div>\n                        \n                        \n\n                        <div class=\"content\" data-mh=\"c--enhanced-cards--content\" style=\"width:100%\">\n                            <p><strong>Risk assessment<\/strong><br \/>\nA <strong>risk assessment<\/strong> phase evaluates third-party or internal services, applications, and systems. This phase uses <strong>intake questionnaires<\/strong>, public policy reviews, and security documentation to gather vendor, system, or project details. Data sensitivity, technical safeguards, and hosting environments are factored to produce a clear risk rating <strong>(High, Medium-High, Medium-Low, or Low)<\/strong> and practical mitigation strategies.<\/p>\n                        <\/div>\n\n                                            <\/div>\n\n                                    <\/div>\n                                            <div class=\"before-title enhanced-card color-white visual-content-icon text-align-center\" style=\"align-items:center;\">\n                                                                        <div style=\"margin-bottom: 16px\">\n                                <i style=\"color: #cc0033\" class=\"fa-classic fa-regular fa-square-3 xlarge\"><\/i>\n                            <\/div>\n                                            \n                    \n                                        <div class=\"content-wrapper\" style=\"\">\n\n                                                    <div data-mh=\"c--enhanced-cards--title\" class=\"title-container\" style=\"justify-content: center;\">\n                                                                <div class=\"title-icon-container\">\n                                                                                                                                            <\/div>\n                                                                                            <h3>\n                                                                                                                                                <\/h3>\n                            <\/div>\n                        \n                        \n\n                        <div class=\"content\" data-mh=\"c--enhanced-cards--content\" style=\"width:100%\">\n                            <p><strong>Reporting<\/strong><br \/>\nA <strong>comprehensive report<\/strong> summarizes the risk assessment, outlines identified risks, recommends <a href=\"#mitigation\">mitigation strategies<\/a> for each risk, and documents the <strong>remaining risks<\/strong> in our university-wide risk register. Annual recertifications are recommended to reassess the security posture of both internal and external services and partnerships and reinforce the protection of Rutgers data in an ever-evolving threat landscape.<\/p>\n                        <\/div>\n\n                                            <\/div>\n\n                                    <\/div>\n            \n            \n        <\/div>\n\n    <\/div>\n\n<\/div><!-- c--component c--enhanced-cards -->\n\n    <\/section><!-- cc--component-container cc--section -->\n\n\n    <section class=\"cc--component-container cc--heading-description vertical  heading-description color-white\">\n\n<div class=\"c--component c--heading-description\">\n        \n<div class=\"inner-wrapper\">\n    <div class=\"text-container\">\n\t\t<div class=\"f--field f--section-title \"><h2>\n            Request services    <\/h2>\n<\/div><!-- f--field f--section-title -->\n        <div class=\"cta-container\">\n\t\t\t<div class=\"f--field f--description \"><p style=\"text-align: center;\">Whether you\u2019re launching a new application, onboarding a vendor, or need a quick security consult, the <strong>Information Security Risk Management team<\/strong> is ready to help.<\/p>\n<p style=\"text-align: center;\"><a class=\"button\" href=\"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/requesting-services\/\" target=\"_self\">Contact us<\/a><\/p>\n<\/div><!-- f--field f--description -->\n        <\/div>\n    <\/div>\n<\/div>\n<\/div><!-- c--component c--heading-description -->\n\n    <\/section><!-- cc--component-container cc--section -->\n\n\n    <section class=\"cc--component-container cc--enhanced-cards  enhanced-cards color-light-gray\">\n\n<div class=\"c--component c--enhanced-cards\">\n            <a class=\"anchor-adjustment\" id=\"mitigation\"><\/a>\n        \n\n\n\n\n\n    <div class=\"enhanced-cards-bg-img-container  color-light-gray\" style=\"; background-size: cover; background-repeat: no-repeat; position: relative; z-index:1;\">\n\n        <div class=\"enhanced-cards\" style=\"grid-template-columns: repeat(4, minmax(0, 1fr));\">\n\n            <div class=\"title-description\">\n                                    <h2 style=\"text-align: center;\">Mitigation strategies<\/h2>\n                \n                                    <div class=\"description\">\n                        <p style=\"text-align: center;\">Business application owners, along with data and system owners, are ultimately responsible for making informed decisions regarding projects and vendor engagements. To support this responsibility, the following risk mitigation strategies are provided to guide the evaluation and management of potential risks:<\/p>\n                    <\/div>\n                \n            <\/div>\n\n                                            <div class=\"before-title enhanced-card color-light-gray visual-content-icon text-align-center\" style=\"align-items:center;\">\n                                                                        <div style=\"margin-bottom: 16px\">\n                                <i style=\"color: #cc0033\" class=\"fa-classic fa-regular fa-circle-1 large\"><\/i>\n                            <\/div>\n                                            \n                    \n                                        <div class=\"content-wrapper\" style=\"\">\n\n                                                    <div data-mh=\"c--enhanced-cards--title\" class=\"title-container\" style=\"justify-content: center;\">\n                                                                <div class=\"title-icon-container\">\n                                                                                                                                            <\/div>\n                                                                                            <h3>\n                                                                            Risk Acceptance                                                                    <\/h3>\n                            <\/div>\n                        \n                        \n\n                        <div class=\"content\" data-mh=\"c--enhanced-cards--content\" style=\"width:100%\">\n                            <p>Acknowledge and formally accept the identified risks when the impact is minimal or within the organization\u2019s risk tolerance.<\/p>\n                        <\/div>\n\n                                            <\/div>\n\n                                    <\/div>\n                                            <div class=\"before-title enhanced-card color-light-gray visual-content-icon text-align-center\" style=\"align-items:center;\">\n                                                                        <div style=\"margin-bottom: 16px\">\n                                <i style=\"color: #cc0033\" class=\"fa-classic fa-regular fa-circle-2 large\"><\/i>\n                            <\/div>\n                                            \n                    \n                                        <div class=\"content-wrapper\" style=\"\">\n\n                                                    <div data-mh=\"c--enhanced-cards--title\" class=\"title-container\" style=\"justify-content: center;\">\n                                                                <div class=\"title-icon-container\">\n                                                                                                                                            <\/div>\n                                                                                            <h3>\n                                                                            Risk Transfer                                                                    <\/h3>\n                            <\/div>\n                        \n                        \n\n                        <div class=\"content\" data-mh=\"c--enhanced-cards--content\" style=\"width:100%\">\n                            <p>Shift responsibility for specific risks to third parties through mechanisms such as insurance coverage or contractual obligations.<\/p>\n                        <\/div>\n\n                                            <\/div>\n\n                                    <\/div>\n                                            <div class=\"before-title enhanced-card color-light-gray visual-content-icon text-align-center\" style=\"align-items:center;\">\n                                                                        <div style=\"margin-bottom: 16px\">\n                                <i style=\"color: #cc0033\" class=\"fa-classic fa-regular fa-circle-3 large\"><\/i>\n                            <\/div>\n                                            \n                    \n                                        <div class=\"content-wrapper\" style=\"\">\n\n                                                    <div data-mh=\"c--enhanced-cards--title\" class=\"title-container\" style=\"justify-content: center;\">\n                                                                <div class=\"title-icon-container\">\n                                                                                                                                            <\/div>\n                                                                                            <h3>\n                                                                            Risk Avoidance                                                                    <\/h3>\n                            <\/div>\n                        \n                        \n\n                        <div class=\"content\" data-mh=\"c--enhanced-cards--content\" style=\"width:100%\">\n                            <p>Decide not to proceed with an engagement or activity to minimize exposure to high or unacceptable risks.<\/p>\n                        <\/div>\n\n                                            <\/div>\n\n                                    <\/div>\n                                            <div class=\"before-title enhanced-card color-light-gray visual-content-icon text-align-center\" style=\"align-items:center;\">\n                                                                        <div style=\"margin-bottom: 16px\">\n                                <i style=\"color: #cc0033\" class=\"fa-classic fa-regular fa-circle-4 large\"><\/i>\n                            <\/div>\n                                            \n                    \n                                        <div class=\"content-wrapper\" style=\"\">\n\n                                                    <div data-mh=\"c--enhanced-cards--title\" class=\"title-container\" style=\"justify-content: center;\">\n                                                                <div class=\"title-icon-container\">\n                                                                                                                                            <\/div>\n                                                                                            <h3>\n                                                                            Risk Reduction                                                                    <\/h3>\n                            <\/div>\n                        \n                        \n\n                        <div class=\"content\" data-mh=\"c--enhanced-cards--content\" style=\"width:100%\">\n                            <p>Implement additional technical, administrative, or physical controls to decrease the likelihood or impact of identified risks.<\/p>\n                        <\/div>\n\n                                            <\/div>\n\n                                    <\/div>\n            \n            \n        <\/div>\n\n    <\/div>\n\n<\/div><!-- c--component c--enhanced-cards -->\n\n    <\/section><!-- cc--component-container cc--section -->\n\n\n    <section class=\"cc--component-container cc--special-announcement  cta-banner color-light-gray\">\n\n<div class=\"c--component c--special-announcement\">\n        \n<div class=\"inner-wrapper\">\n    <div class=\"text-wrapper\">\n        <div class=\"f--field f--section-title \"><h2>\n                <\/h2>\n<\/div><!-- f--field f--section-title -->\n<div class=\"f--field f--description \"><p style=\"text-align: center;\">By leveraging these strategies, business, data, and system owners can align risk-based decisions with operational goals, ensuring the security and resilience of Rutgers\u2019 systems and data assets.<\/p>\n<\/div><!-- f--field f--description -->\n    <\/div>\n\n    <div class=\"button-wrapper\">\n        \n            <\/div>\n<\/div>\n\n<style>\n    .cta-banner .inner-wrapper {\n        display: flex;\n        justify-content: space-between;\n    }\n\n    .cta-banner .inner-wrapper .button-wrapper {\n        align-items: center;\n        display: flex;\n        gap: 30px;\n    }\n<\/style><\/div><!-- c--component c--special-announcement -->\n\n    <\/section><!-- cc--component-container cc--section -->\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":992,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"footnotes":""},"page-category":[],"class_list":["post-1088","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Information Security Risk Assessment Process - Cybersecurity Risk Management Program<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/information-security-risk-assessment-process\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Information Security Risk Assessment Process - Cybersecurity Risk Management Program\" \/>\n<meta property=\"og:url\" content=\"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/information-security-risk-assessment-process\/\" \/>\n<meta property=\"og:site_name\" content=\"Cybersecurity Risk Management Program\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-05T18:37:51+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/it.rutgers.edu\\\/cybersecurity-risk-management-program\\\/information-security-risk-assessment-process\\\/\",\"url\":\"https:\\\/\\\/it.rutgers.edu\\\/cybersecurity-risk-management-program\\\/information-security-risk-assessment-process\\\/\",\"name\":\"Information Security Risk Assessment Process - Cybersecurity Risk Management Program\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/it.rutgers.edu\\\/cybersecurity-risk-management-program\\\/#website\"},\"datePublished\":\"2026-05-29T14:25:27+00:00\",\"dateModified\":\"2026-06-05T18:37:51+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/it.rutgers.edu\\\/cybersecurity-risk-management-program\\\/information-security-risk-assessment-process\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/it.rutgers.edu\\\/cybersecurity-risk-management-program\\\/information-security-risk-assessment-process\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/it.rutgers.edu\\\/cybersecurity-risk-management-program\\\/information-security-risk-assessment-process\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"LinkedIn Learning\",\"item\":\"https:\\\/\\\/it.rutgers.edu\\\/cybersecurity-risk-management-program\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Information Security Risk Assessment Process\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/it.rutgers.edu\\\/cybersecurity-risk-management-program\\\/#website\",\"url\":\"https:\\\/\\\/it.rutgers.edu\\\/cybersecurity-risk-management-program\\\/\",\"name\":\"Cybersecurity Risk Management Program\",\"description\":\"A Rutgers IT Service\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/it.rutgers.edu\\\/cybersecurity-risk-management-program\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Information Security Risk Assessment Process - Cybersecurity Risk Management Program","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/information-security-risk-assessment-process\/","og_locale":"en_US","og_type":"article","og_title":"Information Security Risk Assessment Process - Cybersecurity Risk Management Program","og_url":"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/information-security-risk-assessment-process\/","og_site_name":"Cybersecurity Risk Management Program","article_modified_time":"2026-06-05T18:37:51+00:00","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/information-security-risk-assessment-process\/","url":"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/information-security-risk-assessment-process\/","name":"Information Security Risk Assessment Process - Cybersecurity Risk Management Program","isPartOf":{"@id":"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/#website"},"datePublished":"2026-05-29T14:25:27+00:00","dateModified":"2026-06-05T18:37:51+00:00","breadcrumb":{"@id":"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/information-security-risk-assessment-process\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/information-security-risk-assessment-process\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/information-security-risk-assessment-process\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"LinkedIn Learning","item":"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/"},{"@type":"ListItem","position":2,"name":"Information Security Risk Assessment Process"}]},{"@type":"WebSite","@id":"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/#website","url":"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/","name":"Cybersecurity Risk Management Program","description":"A Rutgers IT Service","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/wp-json\/wp\/v2\/pages\/1088","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/wp-json\/wp\/v2\/users\/992"}],"replies":[{"embeddable":true,"href":"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/wp-json\/wp\/v2\/comments?post=1088"}],"version-history":[{"count":20,"href":"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/wp-json\/wp\/v2\/pages\/1088\/revisions"}],"predecessor-version":[{"id":1133,"href":"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/wp-json\/wp\/v2\/pages\/1088\/revisions\/1133"}],"wp:attachment":[{"href":"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/wp-json\/wp\/v2\/media?parent=1088"}],"wp:term":[{"taxonomy":"page-category","embeddable":true,"href":"https:\/\/it.rutgers.edu\/cybersecurity-risk-management-program\/wp-json\/wp\/v2\/page-category?post=1088"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}