ISP-03 - Information Security Risk Management Policy

INFORMATION SECURITY RISK MANAGEMENT POLICY


 

Policy Objective

To establish a process to manage risks to Parkland College that result from threats to the confidentiality, integrity, and availability of Parkland College systems and data.

Scope

All data created, processed, stored, or transmitted by Parkland College and the related information systems, services, and individuals interacting with the data.

Policy

Section 1 – Risk Management

Management of risk is a critical component of any information security program, as it allows organizational change and improvement while minimizing negative impacts of potential outcomes. It helps ensure that any risks to confidentiality, integrity, and availability of systems and data are identified, analyzed, and treated.

  1. All systems, data, and processes must be assessed for risk to Parkland College.

  2. Risk must be evaluated prior to the purchase or processing of, or significant changes to, an information system or asset.

  3. Risk assessments must be performed by system and data owners for existing systems and data at regular intervals.

  4. Once risk is identified, a treatment shall be applied. Any untreated risk must be evaluated by Parkland College Administration for possible acceptance.

  5. Every system requires a system security plan with scheduled risk assessments and assigned personnel or roles to conduct and maintain them.

  6. Risks must be considered when change is planned for information systems and assets.

  7. Risks must be documented and prioritized for treatment.

  8. Mitigations must be cost effective relative to the system or asset being protected, considering any potential monetary, collateral, or reputational damage

  9. Information Security risk identification and mitigation activities must comply with the Risk Management Standard

 

Standards:

 

ISP-03 - Risk Management Standard (login required)

 

Print Article

Details

Article ID: 156035
Created
Wed 5/31/23 2:41 PM
Modified
Wed 5/31/23 4:28 PM

Related Articles (1)

Definitions of terms used across policies and standards