Risk Assessment Policy

Purpose

To provide the College with guidance in identifying and gaining an understanding of the components of the institution that make up its information security system and thereby enable the College to manage cybersecurity risk to systems, assets, data, and capabilities.

Policy

Risk assessments take into account threats, vulnerabilities, likelihood, and impact to the College's assets, individuals, and other organizations based upon the use of the College system. The College periodically conducts assessments of risk, which include the likelihood and magnitude of harm from the unauthorized access, use, disclosure, disruption, modification and/or destruction of the College system, system components, and the information processed, stored or transmitted by the system. Risk assessment results are documented and reviewed by the College Security Official or designee. The risk assessment results are then disseminated to appropriate faculty and staff including, but not limited to, the College executive staff. Risk assessments are conducted annually by the College or whenever there are significant changes to the College, its system, or other conditions that may impact the security of the College.

Summary

  • Physical (hardware) and software assets will be assessed as to vulnerability and those vulnerabilities will be documented.
  • From time to time a vulnerability scan on those assets will be conducted in order to assess vulnerability in either the information system or its hosted applications.
  • The College uses a variety of sources in order to assist in determining asset vulnerabilities.
  • These sources can include but are not limited to US-CERT bulletins, InfraGard, the Federal Trade Commission (FTC) and the Research and Education Networking Information Sharing and Analysis Center (REN-ISAC).
  • When threats are identified they will be documented as to type of threat, a description of the threat and the characteristics of the threat.
  • Threats will be classified in relationship to the potential for adverse impact on the College.
  • Once a risk is identified, it will be reduced or mitigated.
  • The College understands that risks exist regardless of efforts and will address risks as they become suspected or evident.

Risk Assessment Policy Details [pdf]