6/9/06 University begins Information Technology Risk Assessment

Procurement Services worked with the Office of Information Technologies to issue a request for proposal to evaluate risks that arise from Notre Dame’s information handling processes and systems. This is an example of the collaborative work and support that we can provide.

The Office of Information Technologies recently launched the Campus Information Technology Risk Assessment (CITRA), a project designed to assess the risks that arise from Notre Dame’s information handling processes and systems.

Conducted by the OIT’s Information Security Division in conjunction with Ernst & Young, “CITRA will illuminate how we currently handle information related to students, employees, finances, and donors,” says Notre Dame CIO Associate Vice President/Associate Provost Gordon Wishon. In addition, Wishon clarifies, “CITRA will provide recommendations on areas for further study, and identify priorities for managing risks associated with these data in our increasingly dynamic and knowledge-dependent culture.”

While the combined resources of OIT and Ernst & Young will handle the technical work, including network scans, the CITRA team will also seek assistance from departmental representatives across the University.

“We’ll ask departments to complete surveys and participate in group interviews to better understand how the University handles information,” Gary Dobbins, Director of Information Security says.

“The CITRA initiative will further the University’s effort to manage risk in our changing and information-rich environment,” Wishon says.