What is it?

NDIT’s Risk Assessment service ensures an information system is secure from cyber-related threats. The assessment involves determining the overall risk and identifying vulnerabilities, while establishing controls to reduce risk. The assessment is used to prioritize the identified threats and secure the overall system. The assessment is based on industry best practices outlined in NIST 800-30R1.

What do you get with the service?

NDIT will collaborate with state agencies to walk through the risk assessment of a new or existing information system depending on the need to meet business objectives. By conducting a risk assessment, your organization will have better protection by identifying the threats and controls needed to help keep your system secure.

The service includes:

  • Formal risk assessment report of the information system
  • Identified threats or risks to the system
  • Prioritized findings of threats or risks
  • Recommendations to remediate threats to lower the risk
  • Overall risk rating of the system
  • Risk description explaining the risks in detail
  • Risk mitigation plan and presentation of findings

How do you request service?

For new and existing system risk assessments, submit a generic ServiceNow request to Security NDIT’s Service Portal - Generic Service Request.

  • Request Type: Security

Provide additional details in the description:

  • ATTN: Governance, Risk and Compliance
  • Request for Risk Assessment on (name of system)

Requests are prioritized as they come in and scheduled based upon the availability of resources.  We strive to complete requests within three weeks from start to finish for system risk assessments.