Security assessment includes a range of activities designed to characterize the threats, vulnerabilities, controls, and residual risks associated with information systems. Security assessments might also be designed to measure compliance with relevant policies, standards, or regulations. The output from assessment activities is critical for the prioritization of security investments and remediation projects. UW Medicine Information Security Policy SEC-09 requires all system owners to complete risk assessments for their systems.
The security team currently supports two self-assessment tools that focus primarily on compliance with UW Medicine information security policies.
There are a wide variety of security configuration assessment tools available that you can run. These tools are provided by many sources within and outside the UW community. Links to some of these are provided on our other tools page.