Risk Management
Number: 8020.0 Revised: August 15, 2010

Risk management is part of an ongoing process to identify security control gaps in campus systems and processes. It provides the basis for prioritizing and selecting remediation activities and can be used to monitor the effectiveness of campus controls. Risk management is conducted through an annual campus-wide risk assessment and ongoing risk management processes defined by the ISO.

Annual Risk Assessment

Sacramento State conducts an annual campus-wide risk assessment coordinated by the Information Security Office. Results from the assessment are provided to the Vice President and Chief Information Officer, in the form of a campus-wide report that is presented to the President. The President will certify completion of the annual risk assessment, including certification of all mitigation strategies and all campus risk acceptance.

Ongoing Risk Management Processes

These ongoing processes include risk remediation, monitoring, mitigation, and acceptance. They will be used by the Information Security Office and other campus management both during the discovery process related to information security risk and for incidents involving non-compliance with Information Security Policies and standards. These processes help define outstanding risks and the strategies used to address them. Such risk and non-compliance will be addressed through four processes.

Risk Chart

Risk Management Steps:

Risk Monitoring Process

Risk Mitigation Process

Risk Acceptance Process

Risk Management Tool

TruArx risk management system
