Virginia Tech® home

New risk classification standard and risk assessment dashboards help departments track and maintain security compliance

Line chart titled “Departmental Standing on Assessment Scores,” comparing 2023 and 2025 departmental security assessment scores at Virginia Tech. The 2025 scores (shown in maroon) trend higher overall than the 2023 scores (shown in orange) across ranked departments.
Risk classification standard and risk assessment dashboard.

Having accurate data about what systems you have, how they are connected, and how they are used is critical for digital security. This fiscal year, the Division of IT’s Security & Identity unit completed key work to better identify areas of risk and provide analysis that enables better management of data and digital assets. 

Line chart titled “Departmental Standing on Assessment Scores,” comparing 2023 and 2025 departmental security assessment scores at Virginia Tech. The 2025 scores (shown in maroon) trend higher overall than the 2023 scores (shown in orange) across ranked departments.
Risk classification standard and risk assessment dashboard.

The team updated the university’s inventory of system risk classifications, completing risk assessments on all high risk systems. Additionally, an update of university-wide unit inventories was completed using Isora GRC, an information security risk assessment tool that is used  to conduct targeted risk assessments based on customized criteria including laws, regulations, and standard frameworks. These inventories can be used by departments and their IT personnel to understand where their data is maintained, based on high, moderate, and low risk data classifications.

To enhance visibility into IT security system risk assessments, the ITSO created a real-time dashboard to provide insight into unit inventory compliance status. These dashboards empower leadership to pinpoint and mitigate areas of vulnerability, as well as to track their progress in making their data and systems more secure.

Related Content