General ISORA Information 

What is ISORA?

ISORA stands for Information Security Office Risk Assessment. ISORA was created by UT's Information Security Office for the purpose of bringing the University into compliance with Texas Administrative Code (TAC-202) and UT System Business Procedures Memorandum (BPM) 75. Aside from bringing UT Austin into compliance, another important purpose of ISORA is to identify risks so that the University can devise mechanisms to deal with those risks.

Why do I have to fill out ISORA?

The state and the University administration require the University to undergo an annual assessment, ISORA, of the University's information resources. People who are asked to fill out ISORA are asked because they are responsible for an information resource, such as a computer, that was connected to the UT Austin network between April 1, 2011, and July 1, 2011.

What will happen if I enter incorrect information in ISORA?

There is no penalty for filling out ISORA incorrectly. However, it is very important that ISORA be filled out accurately, because inaccurate information in ISORA hurts the University’s ability to manage the risk to University data.

When do I have to complete Step 1 for ISORA?

Step 1 for ISORA must be completed by Friday, October 21, 2011.

What happens after Step 1 of ISORA is completed?

After Step 1 is completed, McCombs Computer Services will complete Step 2 and submit ISORA to Dean Gilligan for approval.

Computers Listed in ISORA

Why am I identified with a specific computer or device in ISORA?

A computer is assigned to you in ISORA because either your name appears as the computer name or your department lists you as responsible for a specific computer(s).

How do I find my computer name?

On a PC running Windows XP, click on the "Start" button in the lower left-hand corner, highlight the "Control Panel" folder, and select the “System” icon. After the “System Properties” window opens, click on the “Computer Name” tab. You will see your computer name listed on the “Full computer name:” line.

What should I do if I am not responsible for a computer listed under my name in ISORA?

Contact James Coombes (James.Coombes@mccombs.utexas.edu) and he will help investigate the issue with ISORA computer assignment.

I have another computer, but it isn’t listed in ISORA. Why is that?

The computers listed in ISORA are made up of devices and computers that were on the University’s network between April 1, 2011, and July 1, 2011. If your computer wasn't on the UT Austin network during that period, your computer won’t be listed in ISORA.

Why isn’t my computer's UT inventory number listed next to the computer assigned to me in ISORA?

The University currently does not have a system that links computer names to their UT inventory numbers; however, McCombs Computer Services has gone into ISORA and entered UT inventory numbers for any computer where they knew the UT inventory number.

Classifying Computer Data

How do I determine the classification of the data on my computer?

The University’s data classification standards can be found at the following URL:

http://www.utexas.edu/its/policies/opsmanual/dataclassification.php

I don't know what data is on my machine. How should I fill out ISORA in this case?

It is very important to know what data is on your computer. If for some reason you do not know what data is on your computer, then click no to all the wizard questions and then contact James Coombes (James.Coombes@mccombs.utexas.edu). James will work with you on getting your computer to a state where you know all the data on it.

Why does the wizard say "It has been determined that you are unaware of the what data are on your system"?

You are getting this result because you answered no to the three data classification questions (Does this system have category 1 data on it?, Does this system have category 2 data on it?, Does this system have category 3 data on it?).

-If you actually know the type of data on your computer, click the "Cancel" button and then restart the wizard for the computer again.
-If for some reason you do not know what data is on your computer, then go ahead and click the "Acknowledge" button and then contact James Coombes (James.Coombes@mccombs.utexas.edu). James will work with you on getting your computer to a state where you know all the data on it.

Someone else also uses my computer, and I don't know what data they put on it. How should I fill out ISORA in this case?

It is very important to know what data is on your computer. If for some reason you do not know what data is on your computer, then set your computer’s data classification in ISORA to “I don’t know” and then contact James Coombes (James.Coombes@mccombs.utexas.edu). James will work with you on getting your computer to a state where you know all the data on it.

ISORA Tutorials 

Are there any instructional resources that will help me fill out ISORA?

Yes, a videos was created by the Information Security Office to assist UT Austin faculty and staff in filling out ISORA. You can access the videos by clicking the links below.

Introduction to filling out the survey (ISORA Step 1 - duration: 7:41):

https://security.utexas.edu/risk/video/quicktime/2010/ISORA-2010-Step1.mov

  • No labels

Confluence Documentation | Web Privacy Policy | Web Accessibility