What is it?

NDIT’s Risk Assessment service ensures an information system is secure from cyber-related threats while ensuring the confidentiality, integrity, and availability of the system. The assessment involves determining the overall risk and identifying vulnerabilities, while establishing controls to reduce risk. Our risk analysts, in partnership with the Information Security Officer for your entity, advise on risk responses for identified findings and help build a risk treatment plan. The assessment is based on industry best practices outlined in NIST 800-30R1 and incorporates security controls outlined in NIST 800-53R5 (along with other regulatory frameworks, if applicable, depending on the type of data involved).

What do you get with the service?

NDIT will collaborate with state agencies to walk through the risk assessment of a new or existing information system depending on the need to meet business objectives. A risk assessment gives your organization better protection by identifying the threats and controls needed to help keep your system secure.

The service includes:

  • Formal risk assessment report of the information system
  • Identified threats or risks to the system
  • Prioritized findings of threats or risks
  • Recommendations to remediate threats to lower the risk
  • Overall risk rating of the system
  • Risk description explaining the risks in detail
  • Risk mitigation plan and presentation of findings

How do you request service?

For new and existing system risk assessments, submit an IT Review request through NDIT’s ServiceNow Portal – IT Review Request.

  • Request Type: IT Review

Requests are prioritized as they come in and scheduled based upon the availability of resources. We strive to complete requests within three weeks from start to finish for system risk assessments.