University of Illinois System

Digital Risk Office

What is Digital Risk Management?

Digital risk management is a crucial component of the university's overall risk management strategy and involves identifying, assessing, and mitigating risks associated with the University of Illinois System's digital infrastructure. The term digital risk encompasses the challenges related to continuous change and increasing complexity in the system's operations, technology, and threat environments relating to cybersecurity, privacy, compliance, business continuity, ICT accessibility, and risk management.

The goal is to enhance the university's ability to engage in innovative academic, research, clinical, and administrative endeavors while managing these risks. Additionally, digital risk management promotes a culture of digital risk awareness and stewardship throughout the university, maintains partnerships with stakeholders, and guides policy development and implementation to ensure effective management of digital risks.

Scope of Responsibilities

Digital risk encompasses the challenges related to continuous change and increasing complexity in the University of Illinois System's operations, technology, and threat environments as they relate to:

  • Cybersecurity
  • Privacy
  • Compliance
  • Business Continuity
  • ICT accessibility
  • Risk management

The Chief Digital Risk Officer (CDRO) advocates for digital-risk management with responsibility for formulating strategy, and collaboration across the U of I System, bringing IT and non-IT units together to address organizational digital risk, executive metrics reporting, and management and oversight of shared digital risk services. The digital risk office partners with the U of I System IT, Cybersecurity offices, and other stakeholders to establish shared services to achieve economies of scale while allowing the functions within the universities, hospital, and system offices to focus on execution, operations, and organizational-specific needs.

Digital Risk Office is:

Innovator

Engages in innovative academic, research, clinical, & administrative endeavors by leveraging its digital assets while managing its digital risks.

Teacher

Promotes a culture of digital risk awareness & stewardship to ensure the integrity of its vast digital assets and information.

Advisor

Advises the President, Chancellors, CIOs, and others on risks & mitigation as it relates to IT, privacy, & cybersecurity.

Partner

Maintains partnerships with stakeholders from academic, research, healthcare, business, risk, administration, IT, privacy, & security areas.

Policy Maker

Guides system-level policy development and implementation in all areas concerning digital risk.

Digital Risk Process

All the activities presented here might be performed sequentially or simultaneously, as the need arises, and are augmented by a strong risk culture that promotes the efficacy of these actions.

A diagram of five elements of risk culture: internal environment and objective setting, event/risk identification, communication and monitoring, risk response and action (Control activities and mitigation plans), and risk assessment and measurement (likelihood and impact).