Risk Assessment

Why We Conduct the Risk Assessment

This cybersecurity risk assessment initiative is a critical, mandated component of our state's strategy to protect vital government data and systems. In accordance with West Virginia Code §5A-6B-3 and §5A-6B-4 , which requires state agencies to undergo appropriate cyber risk assessments. Our goal is to ensure policy alignment by systematically evaluating agency security posture against recognized industry standards using the CISA Cybersecurity Evaluation Tool (CSET), thereby fulfilling our statutory obligation to identify vulnerabilities and build a robust, defensible digital infrastructure across the executive domain.

Deadline

The final risk assessment report and approved Plan of Action & Milestones (POA&M) must be submitted to the Chief Information Security Officer no later than November 30th of each year.

CSET Overview

The WVOT uses the CSET tool from CISA
The assessment consists of 25 questions across 4 categories

Identify Protect Respond Govern

What to Expect

Getting started with the risk assessment is simple and structured to ensure your success. The entire process is a collaborative effort between your agency, your IRM, and the WVOT Cyber Security Risk Audit Team.

The 3-Step Process

Scheduling: You can now schedule your risk assessment at your convenience by selecting a time that works best for your team through our Cyber Risk Team Booking Calendar. If you have any questions regarding the schedule, please feel free to reach out to your IRM for assistance.
The Meeting: A member of the WVOT Cyber Security Risk Audit Team will be present at your initial meeting. They are there to actively help you through the process, answer your questions, and provide immediate guidance on using the CSET tool.
Submission & Next Steps: Once your agency has completed the risk assessment, you will formally submit the final CSET findings to the Chief Information Security Officer's (CISO) office.

Questions about Risk Assessment?

Submit all your Risk Assessment questions to

Email: wvotitaudit@wv.gov

Page updated

Report abuse