Risk Management, Information Technology

Title: Risk Management, Information Technology
Policy Owner: Information Security Office
Applies to: Students, Employees, Users
Campus Applicability: Storrs and Regional Campuses
Effective Date: May 16, 2012
For More Information, Contact: Chief Information Security Officer
Contact Information: (860) 486-8255
Official Website: http://security.uconn.edu/

 

This policy is available in the Information Security Policy Manual.

The Information Security Office (ISO) is responsible for developing a process for conducting Risk Assessments for the University’s information technology (IT) resources.

The results of the Risk Assessment will be used to determine security improvements resulting in reasonable and appropriate levels of risk acceptance and compliance for each system.

Results indicating an unacceptable level of risk shall be remediated as soon as possible, as determined by specific circumstances and the timelines decided collectively by the Chief Information Security Officer (CISO), Data Steward, and the Dean, Director or Department Head.

Results of all risk assessments shall be treated as Confidential Data and secured appropriately.

Procedures

Each department is responsible for ensuring that a Risk Assessment is performed biennially for each of the information technology resources in their respective areas. Risk Assessments will also be conducted when there is an environmental or operational change that may affect the security of Confidential Data.

Policy Created: May 16, 2012