Risk Assessment Policy

Purpose

To provide the College with guidance in identifying and gaining an understanding of the components of the institution that make up its information security system and thereby enable the College to manage cybersecurity risk to systems, assets, data, and capabilities.

Policy

Risk assessments take into account threats, vulnerabilities, likelihood, and impact to the College's assets, individuals, and other organizations based upon the use of the College system. The College periodically conducts assessments of risk, which include the likelihood and magnitude of harm from the unauthorized access, use, disclosure, disruption, modification and/or destruction of the College system, system components, and the information processed, stored or transmitted by the system. Risk assessment results are documented and reviewed by the College Security Official or designee. The risk assessment results are then disseminated to appropriate faculty and staff including, but not limited to, the College executive staff. Risk assessments are conducted annually by the College or whenever there are significant changes to the College, its system, or other conditions that may impact the security of the College.

Summary

  • Physical (hardware) and software assets will be assessed as to vulnerability and those vulnerabilities will be documented.
  • From time to time a vulnerability scan on those assets will be conducted in order to assess vulnerability in either the information system or its hosted applications.
  • The College uses a variety of sources in order to assist in determining asset vulnerabilities.
  • These sources can include but are not limited to US-CERT bulletins, InfraGard, the Federal Trade Commission (FTC) and the Research and Education Networks Information Sharing and Analysis Center (REN-ISAC).
  • When threats are identified they will be documented as to type of threat, a description of the threat and the characteristics of the threat.
  • Threats will be classified in relationship to the potential for adverse impact on the College.
  • Once a risk is identified, it will be reduced or mitigated.
  • The College understands that risks exist regardless of efforts and will address risks as they become suspected or evident.

Risk Assessment Policy Details [pdf]