How to read an IT Security Assessment Report

Overview

Starting August 1, 2024, the OU IT Security Profile Summary, shared when a security assessment has been completed, is changing its look and feel. The image below provides an overview of what to expect in the new report format.

Introduction *NEW

The introduction section provides a summary of the assessment and instructions for you to follow.

Vendor Background *NEW

The vendor background section provides specific details about the vendor and product assessed, including the expiration date of the assessment.

Company Profile *UPDATED

The company profile section replaces the first page of the old Security Profile Summary report and provides specific attributes collected and tracked by OU IT.  These attributes are used by other teams during the procurement process.

Key Risks

The key risks section provides you with a list of security tasks. It is the responsibility of the Data Steward or Asset Administrator to review these risks and develop a plan to address them.

Assessment Summary

The assessment summary section gives an overview of the vendor's score and how it was calculated.

Remediation Summary

The remediation summary shows the improvement progress for any open risks.

Conclusion

The conclusion section provides links to the IT DR and Access Control Runbooks and IT Security Exceptions.

Evidence

The evidence used to generate this report section provides a list of data sources used to compile the security profile summary.
