IT Risk Assessments
2060 Torgersen (0197)
Blacksburg, VA 24061
Information Technology Risk Assessment (ITRA)
A resilient enterprise has the capacity to overcome disruptions, and the ability to continually adapt to an ever-shifting range of threats and vulnerabilities. Especially in the realm of IT resources, more protection is continually required. The risk assessment process is a key component for understanding and establishing university resilience.
Conducting an IT Risk Assessment enables the departments to correlate IT resources with mission critical business processes and services. Using that information, it then becomes possible to characterize interdependencies and the consequences of potential disruptions, as well as to generate plans to eliminate or ameliorate risks.
This website details the steps necessary to complete your group’s Information Technology Risk Assessment (ITRA), which will provide valuable guidance in characterizing and mitigating possible setback affecting your department’s key IT infrastructure.
IT Risk Assessment Reporting
Using the ITRA Template provided, each departmental risk assessment team is expected to complete a report that can be easily shared with all parties involved in the process. This report should be maintained within the department. In addition, a copy of the completed ITRA report should be sent to Virginia Tech’s Office of Converged Technologies for Security, Safety and Resilience (CTSSR). IT Risk Assessments must be reviewed and updated on an annual basis, and are due by March 15th, which coincides with the deadline for submission of updates to the Continuity of Operations Plan (COOP). If a department has no IT Risk Assessment in place, it is wise to begin the process now. The only valid ITRA is one that is current with regard to the technology assets present in the department. CTSSR will maintain a centralized digital archive of ITRA reports for each department and unit at Virginia Tech. Reports can be sent as an attachment (pdf format is preferred) to email@example.com.