You are here
General Security Risk Assessments and Consultations
A security consultation is a discussion between your team and Pitt IT Security with the goal of helping your team understand the risks of processing, storing, and transmitting University data. During a consultation, Pitt IT Security will ask questions to develop a risk profile, such as:
- What type of data is involved?
- Where will the data be processed, stored, and transmitted?
- Are there any contractual or regulatory security requirements?
The goal of the risk assessment is to identify the security controls that adequately protect your data. Based on the risk profile of the project, Pitt IT Security will recommend appropriate data-protection controls, which may address access, configuration, auditing, training, communications protection, media protection, and information integrity.
When does a project need a security consultation?
Security consultations are helpful to understand the risks of data management, how security controls should be implemented to adhere to compliance and risk requirements, and to assist choosing the appropriate IT infrastructure for a project. Pitt IT recommends you request a consultation anytime your team is:
- Classifying data (learn more about data classifications)
- Considering options for IT infrastructure security controls
- Reviewing security regulations
- Evaluating compliance requirements