Information Security Risk Assessment

The Information Security Risk Assessment is a service provided by the UWM Information Security Office. The scope of the Information Security Risk Assessment service is limited to the security controls applicable to the system or service’s environment relative to its conformance with the UWM Information Security Standards published at and CIS’ Top 20 published at. These baseline security requirements address security controls in the areas of computer hardware and software, data, operations, administration, management, information, facility, communication, personnel and contingency.

The completion of a risk assessment results in an awareness of the risks as well as recommendations to lower or accept those risks. University teams, departments or units may contact the Information Security Office to request a risk assessment. Conversely, a risk assessment may be a requirement for utilizing University IT infrastructure.

The risk assessment process is conducted in accordance with the methodology used by the National Institute of Standards and Technology (NIST). This methodology is qualitative and no attempt is made to determine any annual loss expectancies, asset cost projections or cost-effectiveness of security safeguard recommendations.

Service Information

Service Availability

Risk assessments can be performed Monday–Friday during regular University business hours.

Applicable Policies