The Loch Ness Monster, Big Foot, and Successful IT Risk Assessments—Which Have You Found?

Tuesday, May 02 | 4:30PM–5:30PM | Penrose 2, Lower Level 1
Session Type: Breakout Session
Delivery Format: Concurrent Session
The world is filled with mysteries. Much like the Loch Ness Monster or Bigfoot, comprehensive, value-driven IT risk assessments can be elusive. Add the uniqueness of higher education and you have a real enigma. In this session, you will gain actionable insights into how Princeton University’s Office of Information Technology and Office of Audit and Compliance partnered to develop and execute a successful university-wide IT risk assessment that included input from more than 90 people across 29 academic and administrative departments. The effort not only yielded actionable risk data but significantly raised awareness of IT risk across the campus. This is a topic specific/intermediate level session.

Outcomes: Understand the strategies used to enable a successful, sustainable, and actionable university-wide IT risk assessment * Manage and reduce risks associated with IT risk assessment * Evangelize and demonstrate the value of partnership


  • Christopher Oswald

    Director, IT Audit, Princeton University
  • David Sherry

    Chief Information Security Officer, Princeton University

Resources & Downloads

  • The Loch Ness Monster_slides

    878 KB, pdf - Updated on 1/22/2024