Identify Private Data
Private data are valuable assets for the University, which require information security risk management.
University Information Security works with units periodically to develop a comprehensive view of private data across the University, as defined by the Data Security Classification policy. This information feeds into the planning process for information security risk assessments.
Units will receive instructions in advance to help collect the information and will have access to their responses for any follow-on risk management activity. Units with:
- Low risk processes will receive ongoing risk and security communications and will be contacted to identify any changes
- Medium to High risk processes may be contacted to schedule an information security risk assessment for the unit or service.