Have you done your Data Risk Assessment?
Departments are required to include cybersecurity risk assessments and mitigating controls as part of your department’s Internal Control Plan and system of internal controls.
If your department faces a system disruption or incident, or needs to respond to an IT Audit, you will need to be able to quickly identify what data you have and through what systems that data travels and resides.
To help you prepare for these types of events, CTR has created an informational document with four steps to perform a cybersecurity risk assessment that identifies and mitigates security risks.
Action steps:
- Review the 4 Steps to Prepare for a Cybersecurity Risk Assessment with your compliance, IT, and Security staff.
- Confirm that you have identified all of your data, data systems, data access, and potential risk points.
See our CTR Cyber page for more cybersecurity internal controls and contact [email protected] with any incidents or suspected incidents of fraud or cyber threats or if you need support from our Statewide Risk Management Team.