Risk Assessment Policy

Purpose

To provide 6VµçÓ°Íø with guidance in identifying and gaining an understanding of the components of the institution that make up its information security system and thereby enable 6VµçÓ°Íø to manage cybersecurity risk to systems, assets, data, and capabilities.

Policy

Risk assessments take into account threats, vulnerabilities, likelihood, and impact to 6VµçÓ°Íø assets, individuals, and other organizations based upon the use of the 6VµçÓ°Íø system. 6VµçÓ°Íø periodically conducts assessments of risk, which include the likelihood and magnitude of harm from the unauthorized access, use, disclosure, disruption, modification and/or destruction of the 6VµçÓ°Íø system, system components, and the information processed, stored or transmitted by the system. Risk assessment results are documented and reviewed by the 6VµçÓ°Íø Security Official or designee. The risk assessment results are then disseminated to appropriate faculty and staff including, but not limited to, the 6VµçÓ°Íø executive staff. Risk assessments are conducted annually by 6VµçÓ°Íø or whenever there are significant changes to 6VµçÓ°Íø, its system, or other conditions that may impact the security of 6VµçÓ°Íø.

Summary

  • Physical (hardware) and software assets will be assessed as to vulnerability and those vulnerabilities will be documented.
  • From time to time a vulnerability scan on those assets will be conducted in order to assess vulnerability in either the information system or its hosted applications.
  • 6VµçÓ°Íø uses a variety of sources in order to assist in determining asset vulnerabilities.
  • These sources can include but are not limited to US-CERT bulletins, InfraGard, the Federal Trade Commission (FTC) and the Research Education Networking Information Sharing and Analysis Center (RENISAC)
  • When threats are identified they will be documented as to type of threat, a description of the threat and the characteristics of the threat.
  • Threats will be classified in relationship to the potential for adverse impact on the College.
  • Once a risk is identified, it will be reduced or mitigated.
  • 6VµçÓ°Íø understands that risks exist regardless of efforts and will address risks as they become suspected or evident.

Risk Assessment Policy Details [pdf]

 

Contact Us

Mailing Address

333 N. College Way
Claremont, CA 91711

Get in touch

Connect

Give back to
6VµçÓ°Íø

Support 6VµçÓ°Íø

Part of