University of Illinois System
Last item for navigation

Approach

Mission Statement

Our mission is to create a culture of digital risk awareness and facilitate digital risk management across the University of Illinois System to ensure the integrity of its digital assets and information. The Digital Risk Office will maintain partnerships across the System with stakeholders from academic, research, healthcare, business, risk, information technology, administration, privacy, and cybersecurity areas. Under the EVP/VPAA, the office will guide System-level policy development and implementation in all areas concerning digital risk. It will advise and assist risk owners with those items in the Enterprise Risk Register that intersect with major technology initiatives; advocate for and direct appropriate resources to address digital risk priorities; and advise the President, Chancellors, CIOs, and other university leaders on appropriate risk mitigation measures.

Vision Statement

The Digital Risk Office will promote a culture of digital risk transparency, awareness, and stewardship among all members of the University of Illinois System. It will enhance the system's ability to engage in innovative academic, research, clinical, and administrative endeavors by leveraging its digital assets while managing its digital risks. The office will provide critical insights to university leadership on risk assessment and mitigation as it relates to information technology, privacy, and cybersecurity.

The 6 Ps

Our approach to managing digital risk revolves around the six Ps. The first three Ps are People, Process, and Product. They are listed in order of importance; People are the most critical component of the digital risk management program. Everything we do revolves around people. How we keep people safe, how we enable people to be successful, and how people are core to a digital risk-aware culture.

People drive the Process. Our process should be simple and enable opportunities while reducing our digital risk. The process feeds into and supports the Products (or services) we offer. Our products are the activities that enable our students, research, healthcare services, and community engagement. By supporting our people and process, our products will continue to have a lasting impact on the global community.

When we think about how digital risk supports our people, process, and product, we need to consider three additional Ps. We need to think about how we help the organization Prevent digital risks that could disrupt our ability to operate. What actions can we take or what decisions can we make today, to stop or reduce digital risk events from ever occurring?

We know it is impossible to prevent all digital risk events, so we must take steps today to Prepare for likely events. Creating awareness, building response capabilities, and testing plans before a crisis occurs are fundamental to helping the organization minimize damage and return to normal operations. It is not a matter of whether a digital event will happen but when.

With successful preparation, we can position the organization to respond quickly so that we can Persevere. The University of Illinois System's mission and focus do not revolve around responding and recovering from a digital event. We must support the organization to move past any disruptive events as it must continue to be An Institution of and for Our Students, provide Research and Scholarship with a Global Impact, provide A Healthy Future for Illinois and the Midwest, and be Tomorrow's University Today.