Purpose
To provide the College with guidance in identifying and understanding the components of the institution that make up its information security system, and thereby enable the College to manage cybersecurity risk to systems, assets, data, and capabilities.
Policy
The College maintains a comprehensive strategy to manage risks to its operations, assets, faculty, staff, students, and other organizations associated with the operations and use of the College's system. The College's priorities, constraints, risk tolerances, and assumptions are established and used to support risk management decisions. The College's risk management strategy is consistently applied across the entire institution. The risk management strategy is reviewed and updated periodically, or as required, to address changes to the College.
Summary
- Risk management is a fundamental requirement to support the mission of the College.
- Risk management responsibilities are assigned to executive staff.
- Continued recognition of risk management is a requirement.
- Assessing the level of risk that the organization can tolerate is necessary.
- Risk framing is part of the management process. Framing defines the College's approach to risk management by using laws, policies, regulations and contractual relationships that will inform and impact potential decisions about risk.
- Risks will be assessed in order to identify and evaluate each risk, its likelihood of occurrence, and its breadth of impact.
- Risk response results in determining the most appropriate course of action, including prioritization and associated cost.
- Risk monitoring helps the College monitor continuing regulatory compliance and the effectiveness of risk response, and understand changes that present risks to the College's information systems.
- Risk tolerance is the level of risk or its degree of uncertainty that is acceptable to the College.
- Risk management strategies are employed consistently across the entire institution.