Skip to main content

Application Risk Assessments

Application Risk Assessments

The Purpose

Rutgers Risk, Policy and Compliance Application Risk Assessment process scopes and assesses applications through a standardized and risk-based analysis of the strength of the control environment and the adequacy of the related internal control framework.

The Process

The objective of application risk assessments is to understand the existing system and environment and identify risks through analysis of the information/data collected. By default, all relevant information should be considered and includes:

  • Review the adequacy of existing security policies, standards, guidelines, and procedures.
  • Analyze assets, threats, and vulnerabilities, including their impacts and likelihood.
  • Map threats to assets and vulnerabilities to help identify their possible combinations. Each threat can be associated with a specific vulnerability or even multiple vulnerabilities. Unless a threat can exploit a vulnerability, it is not a risk to an asset.
  • Develop practical technical recommendations to address the vulnerabilities identified and reduce the level of security risk.
  • Produce and submit a Risk Assessment Report.

Program Resources 

The following application risk assessment resources can be accessed by logging in with your NetID.

Training guides

  • End user guide
  • Quick Tip 1: Logging into LogicManager
  • Quick Tip 2: Registering New Systems
  • Quick Tip 3: Application Assessment
  • Quick Tip 4: Database Assessment
  • Quick Tip 5: Report Portal
  • Quick Tip 6: Remediation Due Dates

Questionnaires

  • Database questionnaire
  • Application Information
  • Application Controls
  • Application Inherent Risk
  • Applications No Longer In Use

Questionnaires

  • Database questionnaire
  • Application Information
  • Application Controls
  • Application Inherent Risk
  • Applications No Longer In Use

Other resource materials

  • FAQ
  • Sample Listing of Documentation Requested
  • Risk Assessment Approach

Inquiries and support 

If you have additional questions regarding the program, contact us for assistance.