Risk Assessment Policy

Purpose

To provide the College with guidance in identifying and understanding the components of the institution that make up its information security system, and thereby enable the College to manage cybersecurity risk to systems, assets, data, and capabilities.

Policy

Risk assessments take into account threats, vulnerabilities, likelihood, and impact to College assets, individuals, and other organizations based upon the use of the College system. The College periodically conducts assessments of risk, which include the likelihood and magnitude of harm from the unauthorized access, use, disclosure, disruption, modification and/or destruction of the College system, system components, and the information processed, stored or transmitted by the system. Risk assessment results are documented and reviewed by the College Security Official or designee. The risk assessment results are then disseminated to appropriate faculty and staff including, but not limited to, the College executive staff. Risk assessments are conducted annually by the College or whenever there are significant changes to the College, its system, or other conditions that may impact the security of the College.

Summary

  • Physical (hardware) and software assets will be assessed for vulnerabilities, and those vulnerabilities will be documented.
  • From time to time a vulnerability scan of those assets will be conducted in order to assess vulnerabilities in either the information system or its hosted applications.
  • The College uses a variety of sources to assist in determining asset vulnerabilities.
  • These sources can include, but are not limited to, US-CERT bulletins, InfraGard, the Federal Trade Commission (FTC) and the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC).
  • When threats are identified, they will be documented by type of threat, a description of the threat, and the characteristics of the threat.
  • Threats will be classified according to their potential for adverse impact on the College.
  • Once a risk is identified, it will be reduced or mitigated.
  • The College understands that risks exist regardless of its efforts and will address risks as they become suspected or evident.

Risk Assessment Policy Details [pdf]