One-page Unit Information Risk Scorecard & Information Risk Management Program

Data Asset Inventory Dashboard

Divisional Scorecard

Access Unit Data Asset Inventory & Information Risk Assessment Dashboards on theĀ  U of T Tableau Server.

Contact the DAI-IRSA Program Team to request access for your division or unit.

Remote users will need to login to UTORvpn first to access Tableau. Data from the surveys (REDCap) is refreshed weekly on Thursday mornings.

Note. The examples below are not from real results.

If the report pages do not fit on your screen, try decreasing the magnification on your web browser: ctrl and – on PC / command and – on mac.

One-page Unit Information Risk Scorecard

This one page scorecard is for internal use by a unit. It provides a quick way to visualize how the unit is managing its risk, and a comparison to averaged results for broad groups within the university. A table of the detailed responses are provided at the bottom of the dashboard, and comprise the unit’s Information Risk Management Program. Filters and sorting options allow you to set the view to different levels of granularity and drill down to specific areas of risk.

Data Asset Inventory Dashboard

The Data Asset Inventory Dashboard provides some basic counts of data assets based on:

  1. quantity of records and U of T Data Classification, providing a broad measure of impact
  2. number of institutional assets in the care of your unit

A detailed inventory is provided at the bottom of the dashboard, comprising the unit’s Data Asset Inventory. Filters and sorting options allow you to set the view to different levels of granularity, and drill down on specific categories within the inventory.

Divisional Scorecard

The DAI-IRSA Divisional scorecard shows:

  • Overall score for your division
  • Completion status for your division
  • Summary of major domains where risks were accepted and where mitigation plans are in progress
  • Aggregate results of scores categorized by Cybersecurity functions, results from U of T overall and institutional targets in those functions
  • Summary results of the data assets managed at your division.

The format is intended to provide you with a broad overview of the data in the custody of your division and the information risk management activities related to protecting that data.

References:

University of Toronto Data Classification Standard

NIST Cybersecurity Framework Functions descriptions

Source: https://csf.tools/reference/nist-cybersecurity-framework/v1-1/