
Cyber Risk Assessments

UniSA cyber risk assessments are essential processes for business stakeholders: they identify and mitigate the security risks associated with third-party vendors and the technology solutions they provide. These assessments confirm that external partners and new technologies meet the University's security standards and operational requirements. By identifying and addressing business risks early, stakeholders can make informed decisions that better protect University data and systems and the privacy of staff and students, fostering a secure and resilient educational environment.

Types of Cyber Risk Assessments

There are two types of cyber risk assessments that can be performed for business stakeholders:

Definition

Third-Party Vendor Assessment (TVA): the process of evaluating the security, compliance and operational risks that an external vendor or partner may pose to the organisation's data, systems or business operations.

Solution Risk Assessment (SRA): the process of identifying, evaluating and mitigating the risks associated with the design, implementation or integration of a specific technology solution introduced into the organisation's operational environment.

When should the business request this

Third-Party Vendor Assessment (TVA):

  • During tender and procurement processes, before engaging a vendor for a service or product.
  • At contract renewal and on significant contractual changes.

Solution Risk Assessment (SRA):

  • During a tender/procurement process, before engaging a vendor for a technology solution.
  • Before design, implementation or deployment of the solution.
  • During significant updates or changes to existing systems.
  • Whenever the solution's use case or scope changes.

Stakeholder Roles

Business Unit

  • Initiates the risk assessment process and provides relevant supporting documents.
  • Reviews the draft risk assessment.
  • Signs off on the final risk assessment and controls.
  • Ensures controls are implemented and maintained.
  • Provides ongoing evidence of control management (if required).

Control Owners

  • Implement the recommended controls.
  • Contribute to the design and effectiveness of controls.
  • Provide ongoing evidence of control management (if required).
  • Receive updates and final documentation.
  • Implement and maintain the mitigation strategy.

Cyber GRC Team

  • Conducts the cyber risk assessment.
  • Facilitates discussion and defines control objectives.
  • Proposes and recommends controls.
  • Signs off on the final risk assessment and controls.
  • Records risks and conducts or facilitates re-assessment.