 |
| Information Security Risk Management Risk Management |
Number: 8020.0 Revised: August 15, 2010 |
Risk management is part of an on-going process to identify security control gaps on campus systems and processes. Risk management provides the basis for prioritization and selection of remediation activities and can be used to monitor the effectiveness of campus controls. Risk management is conducted through an annual campus-wide risk assessment and on-going risk management processes defined by the ISO.
Annual Risk Assessment
Sacramento State conducts an annual campus-wide risk assessment coordinated by the Information Security Office. Results from the assessment are provided to the Vice President and Chief Information Officer, in the form of a campus-wide report that is presented to the President. The President will certify completion of the annual risk assessment, including certification of all mitigation strategies and all campus risk acceptance.
On-going Risk Management Processes
Such ongoing processes include risk remediation, monitoring, mitigation, and acceptance. These processes will be used by the Information Security Office and other campus management during both the discovery process related to information security risk processes and for incidents involving non-compliance with Information Security Policies and standards. These processes help define outstanding risks and the strategies used to address those risks. Such risk and non-compliance will be addressed though four processes
Risk Management Steps:
Risk Monitoring Process
Risk Mitigation Process
Risk Acceptance Process
Risk Managment Tool
Back to to Sacramento State Information Security Policy Website