LTC Technical and Network Services Creates Web-based Application for College Risk Assessment- November 4, 2008

The LTC's Technical and Network Services (TNS) team recently completed the second annual Risk Assessment of all College of Education networked computing devices. This assessment, conducted by all University units, emphasizes identifying the highest risk information, such as social security numbers, which is called “Category 1” data.

A screenshot of the Web-based risk assessment application

This year, TNS Coordinator Ryan Baldwin and Network Security Officer James Cutrone wanted to use an online application to conduct the assessment, replacing time consuming interviews and the tedious transfer of data from paper forms. They spent several weeks developing a Web-based system that would lead College personnel through a step-by-step process, similar to that of many online tax programs that take users sequentially through each step of completing an income tax return. Another feature making the application easy to complete was that user computer information, such as UT inventory numbers, was included, if TNS had the information in their records.

College personnel were able to complete the assessment at their convenience and results were calculated automatically. The system also provided lots of information on sensitive data and how to keep it safe.

The assessment was completed in mid-October. Of 867 devices checked, 560 contained Category 1 data.

Ryan presented the COE Risk Assessment application to a gathering of technical support staff from around campus who all agreed that its features should be incorporated into the University’s risk assessment application. The ITS Information Security Office was also very impressed with the application and will explore whether a version of the system could be used campus-wide for next year’s assessment.

—Laurie Caldwell, LTC Communications Coordinator

Related Links

• University Annual Risk Assessment
• UT Data Classification Guidelines