Is Your Data Risk Assessment Up to Date?
Reviewing your department’s data management is key to identify and mitigate risks of data loss, theft or system disruption. Working through a data risk assessment helps identify important internal controls to support sustainability during normal operations and in the event of a cyber incident.
Action Steps
Make sure you have documented the following:
- What data does your department make or receive?
- What data is critical to operations?
- What data is sensitive, being personally identifiable information (PII) or otherwise confidential?
- Who has access to your data?
- Where is data stored and backed up?
- What are the security risks that threaten loss or disruption of your data or systems?
- What controls do you have in place to mitigate these risks?
Need some tools to help you? Visit our CTR Cybersecurity Responsibilities page with tools and templates to help you organize and conduct a Data Risk Assessment as well as a Self-Assessment Tool to document how well you are following the Executive Office of Technology Services and Security (EOTSS) Information Security Standards. Contact [email protected] with notice of any incidents or suspected incidents of fraud or cyber threats or if you need support from our Statewide Risk Management Team.