Security Risk Assessments

Last Updated: 12/17/2018


The CU Boulder IT Security Office has developed a risk assessment service to meet campus needs in identifying and mitigating IT-related risk in campus departments.

Security Risk Assessment Process

The IT Security Office (ITSO) works with campus departments to proactively identify and mitigate potential risks. A campus department may request a risk assessment by contacting the ITSO at

It is important that every department assess IT security periodically. To aid in this effort, the ITSO has created a risk management framework to provide consistent definitions, processes and reports. This will allow departments, and the campus as a whole, to better understand IT-related risk and develop both focused and broad steps to address that risk. This framework is designed with existing and draft policies in mind to provide a minimal cost risk assessment option for departments.


  • Assess IT related risk to your department within the CU Boulder Risk Management Framework.
  • Receive advice on how to best identify, classify, and protect your IT data assets.
  • Develop both focused and broad steps to address IT related risk for your department.


  • Ensures Security Policy Adherence
  • Provides Documentation of Departmental Security Measures
  • Promotes Security in Department


Risk assessments conducted by the IT Security Office are free.

Who can get it

Every department should complete a risk assessment periodically. To request a risk assessment completed by the IT Security Office, email, or contact the IT Service Center.

Related Policies