Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Frequently Asked Questions about the UCI Security Risk Assessment Questionnaire (SRAQ)

  • What is the SRAQ?
    • The SRAQ is a tool to guide you through the security risk assessment process for a system, to get you to think about and document the data components, threats and countermeasures, and other key information required when assessing risk.  It also provides a worksheet for risk acceptance and action items for risk reduction.  It is primarily used as a self-assessment tool, but is also the basis and required information gathering for audits and security reviews.  It can also be given to a vendor during an RFP for them to document how they will protect your data.
  • Where can I download the tool?
  • What is the "LITE" version vs the regular version?
    • The "LITE" version is the same document except has the detailed items under each control section removed to lower the number of pages.  It may be used for a low or medium risk system, however any high risk system should use the full version.  Also even for low/medium risk assessments, having the detailed items help explain each control section and can help answer questions people have filling it out, even if they don't choose to address each detail.
  • Responsible Parties- Who is the Proprietor, Custodian, and Information Security Coordinator?

 

  • No labels