| Title: | Risk Management, Information Technology |
| Policy Owner: | Information Security Office |
| Applies to: | Students, Employees, Users |
| Campus Applicability: | Storrs and Regional Campuses |
| Effective Date: | May 16, 2012 |
| For More Information, Contact: | Chief Information Security Officer |
| Contact Information: | (860) 486-8255 |
This policy is available in the Information Security Policy Manual.
The Information Security Office (ISO) is responsible for developing a process for conducting Risk Assessments for the University’s information technology (IT) resources.
The results of the Risk Assessment will be used to determine security improvements resulting in reasonable and appropriate levels of risk acceptance and compliance for each system.
Results indicating an unacceptable level of risk shall be remediated as soon as possible, as determined by specific circumstances and the timelines decided collectively by the Chief Information Security Officer (CISO), Data Steward, and the Dean, Director or Department Head.
Results of all risk assessments shall be treated as Confidential Data and secured appropriately.
Each department is responsible for ensuring that a Risk Assessment is performed biennially for each of the information technology resources in its respective area. Risk Assessments will also be conducted when there is an environmental or operational change that may affect the security of Confidential Data.
Policy Created: May 16, 2012