Purpose
To provide the College with guidance in identifying and gaining an understanding of the components of the institution that make up its information security system, thereby enabling the College to manage cybersecurity risk to systems, assets, data, and capabilities.
Policy
The College maintains a comprehensive strategy to manage risks to its operations, assets, faculty, staff, students, and other organizations associated with the operations and use of the College's system. The College's priorities, constraints, risk tolerances, and assumptions are established and used to support risk management decisions. The College's risk management strategy is consistently applied across the entire institution. The risk management strategy is reviewed and updated periodically, or as required, to address changes to the College.
Summary
- Risk management is a fundamental requirement to support the mission of the College.
- Risk management responsibilities are assigned to executive staff.
- Continued recognition of risk management is a requirement.
- Assessing the level of risk that the organization can tolerate is necessary.
- Risk framing is part of the management process. Framing defines the College's approach to risk management by using laws, policies, regulations and contractual relationships that will inform and impact potential decisions about risk.
- Risks will be assessed in order to identify and evaluate each risk, its likelihood of occurrence, and its breadth of impact.
- Risk response results in determining the most appropriate course of action, including prioritization and associated cost.
- Risk monitoring helps the College monitor continuing regulatory compliance and the effectiveness of risk response, and understand changes that present risks to the College's information systems.
- Risk tolerance is the level of risk or its degree of uncertainty that is acceptable to the College.
- Risk management strategies are employed consistently across the entire institution.