All Information Systems purchased for use at the University of Florida must be assessed for risk that can result in threats to the integrity, availability and confidentiality of university data. Assessments must be completed prior to purchase of, or before significant changes to, an information system, and periodically re-assessed during the system’s lifetime. The initial focus of this effort will be on systems that store, process or transmit Restricted Data.
The UF Security office has implemented a risk management policy. There was an administrative memo on this issues November 12, 2015. The memo is copied below. In short, the memo states that you can’t purchase anything related to information technology with completing a risk assessment form. A risk assessment will take 2 to 12 weeks to process from the time your IT staff gets the information submitted. As your IT staff does not know the details of your research they are not able to fill out the forms without your input. The IT staff is aware of the burden of extra work this places on the instructors and researcher. We are here to help you with this process. Please allow an appropriate time for processing between your desire to purchase a data system and your need to use it.
Pages and Forms
Training Opportunities
There are several Cyber Security courses provided by the University of Florida. These courses have been customized to deal with the unique environment that is UF. You can find these courses, and other, at https://training.it.ufl.edu/.
Policies and Procedures
Below are the list of policies and procedures that must be read and understood for a risk assessment to be completed: