ASSETs:
Automated Security Self-Evaluation Tools

Special Note for SSN-Use Survey:

An SSN-Use specific version of ASSETs will be released on May 15. Unit Security Liaison will be required to inventory all of the servers in their unit(s) that store or process Social Security Numbers by June 15. Step 1) Manage Inventory of Sensitive and Critical Systems is the only step that is required by the June 15 dead line, and only servers need to be included in the inventory at this time.

What is ASSETs?

An online database application used by Unit Security Liaisons to conduct an on-going university-wide qualitative IT risk assessment and to create security plans to help mitigate risk.

The program consists of 6 simple steps:

1. Inventory Assessment: Identifies sensitive/critical systems and sets the scope for the rest of the assessment.
2. Risk Assessment: Helps Unit Security Liaison assess unit risk level and prioritize mitigation efforts.
3. Security and Business Processes Questionnaire: Evaluates processes and procedures for the unit.
4. Security Evaluation Report: Displays results of the Security and Business Processes Questionnaire.
5. Security Plan: Creates a printable report complete with recommended actions for improving security and business processes.
6. Business Continuity Plan: Contains some basic information about creating a BCP

Why ASSETs?

As a result of the 2005/2006 Securing Sensitive Data Initiative (SSDI), all colleges/departments (academic and administrative) at UGA were tasked with the following:

• Identification and inventory of critical/sensitive servers/data and business processes;
• Assessment of critical and sensitive assets;
• Evaluation of business and security processes;
• Development of a plan to lower the risks and threats to the identified assets;
• Creation of a sustainable process/plan to mitigate risks/threats going forward;
• Attend security awareness training and education sessions

ASSETs addresses most of these concerns.

FAQ: