Purpose
To provide the College with guidance in identifying and gaining an understanding of the components of the institution that make up its information security system and thereby enable the College to manage cybersecurity risk to systems, assets, data, and capabilities.
Policy
The College maintains a comprehensive strategy to manage risks to its operations, assets, faculty, staff, students, and other organizations associated with the operations and use of the College’s system. The College’s priorities, constraints, risk tolerances, and assumptions are established and used to support risk management decisions. The College’s risk management strategy is consistently applied across the entire institution. The risk management strategy is reviewed and updated periodically, or as required, to address changes to the College.
Summary
- Risk management is a fundamental requirement to support the mission of the College.
- Risk management responsibilities are assigned to executive staff.
- Continued recognition of risk management is a requirement.
- Assessing the level of risk that the organization can tolerate is necessary.
- Risk framing is part of the management process. Framing defines the College’s approach to risk management by using laws, policies, regulations, and contractual relationships that will inform and impact potential decisions about risk.
- Risks will be assessed in order to identify and evaluate each risk, its likelihood of occurrence, and its breadth of impact.
- Risk response results in determining the most appropriate course of action, including prioritization and associated cost.
- Risk monitoring helps the College monitor continuing regulatory compliance and the effectiveness of risk response, and understand changes that present risks to the College’s information systems.
- Risk tolerance is the level of risk or its degree of uncertainty that is acceptable to the College.
- Risk management strategies are employed consistently across the entire institution.