GAIN CONTROL berrydunn.com
IT SECURITY RISK ASSESSMENT
CASE STUDY FROM UNC CHARLOTTE
Presented by: Vienna Morrill
VIENNA MORRILL, MSA, CISA
Manager
BerryDunn
Management and IT Consulting Group
AGENDA
1. What is risk?
2. Why do an IT Security Risk Assessment?
3. What does the IT Security Risk Assessment process entail?
4. What elements of this approach should you apply in your organization?
STACKING UP THE RISKS
Winning PowerBall Grand Prize (1 in 175.2M)
Attacked and killed by shark (1 in 3.7M)
Getting a hole in one (1 in 12,750)
Getting struck by lightning (1 in 12,000)
Being audited by the IRS (1 in 175)
Having a security breach at your organization in the next two years (1 in 5)
COST OF A DATA BREACH
Estimates range from $0.58/record (Verizon Data Breach Investigations Report) to
$201/record (Ponemon Institute Report).
COST OF A DATA BREACH
Source: Verizon 2015 Data Breach Investigations Report
CASE STUDY
Information Technology Security Risk Assessment
THE RISK ASSESSMENT PROCESS
THE QUESTIONNAIRE
Included 21 Risk Areas:
1. Systems and Applications
2. Data Storage
3. Responsibility and Oversight
4. Information Security Training and Awareness
5. IT Security Incident Response
6. Access Controls
7. Audit Logs
8. Remote Access
9. Change Management
10. Incident Management
11. Physical Security
12. Data Transmission
13. Service Provider/Vendor Due Diligence
14. Disaster Recovery Planning
15. Data Backups
16. Copiers and Multi-Function Devices
17. Hardware Disposal
18. Mobile Devices
19. Compliance
20. Data Protection
21. Credit Cards/Payment Information
THE IT SECURITY RISK ASSESSMENT MATRIX
HEAT MAPS
OUTCOMES FOR UNC CHARLOTTE
Fostered Collaboration
Developed a Sustainable Approach
Increased Awareness for IT Security Risk
Established Priorities for Addressing Gaps
TAKEAWAYS
Engagement of stakeholders and executive level support are critical.
It’s a risky world and security breaches are expensive.
Conducting an Information Security Risk Assessment doesn’t have to be complicated.
An IT security risk assessment is not an audit.
QUESTIONS
GAIN CONTROL
We are always available for your questions
INTERESTED IN MORE?
berrydunn.com