When considering risk, the following questions can help start the process:
- What are the risks or threats you are concerned about?
- Do you access or store confidential or restricted data?
- Do you or your department have processes dependent on using your specific computer?
- Would someone else logging into your computer potentially have access to data they shouldn’t?
- How likely are those threats or risks?
- What level of risk is acceptable to you and your department?
- What might the impact and cost be should an adverse event occur?
- What might the impact and cost be to implement mitigations to address the risk?
Additionally, there are several sources on campus to help you know and understand your responsibilities and help you consider the risks you face:
- Office of the Chief Information Security Officer
- Internal Audit's Common Audit Recommendations
- UW Privacy and System Security Council (PASS Council)
- UW computer and data security policies