Risk Assessment Policy

Purpose

To provide the College with guidance in identifying and gaining an understanding of the components of the institution that make up its information security system and thereby enable the College to manage cybersecurity risk to systems, assets, data, and capabilities.

Policy

Risk assessments take into account threats, vulnerabilities, likelihood, and impact to the College's assets, individuals, and other organizations based upon the use of the College system. The College periodically conducts assessments of risk, which include the likelihood and magnitude of harm from the unauthorized access, use, disclosure, disruption, modification and/or destruction of the College system, system components, and the information processed, stored or transmitted by the system. Risk assessment results are documented and reviewed by the College Security Official or designee. The risk assessment results are then disseminated to appropriate faculty and staff including, but not limited to, the College executive staff. Risk assessments are conducted annually by the College or whenever there are significant changes to the College, its system, or other conditions that may impact the security of the College.

Summary

  • Physical (hardware) and software assets will be assessed as to vulnerability and those vulnerabilities will be documented.
  • From time to time a vulnerability scan on those assets will be conducted in order to assess vulnerability in either the information system or its hosted applications.
  • The College uses a variety of sources in order to assist in determining asset vulnerabilities.
  • These sources can include but are not limited to US-CERT bulletins, InfraGard, the Federal Trade Commission (FTC) and the Research Education Networking Information Sharing and Analysis Center (RENISAC).
  • When threats are identified they will be documented as to type of threat, a description of the threat and the characteristics of the threat.
  • Threats will be classified in relationship to the potential for adverse impact on the College.
  • Once a risk is identified, it will be reduced or mitigated.
  • The College understands that risks exist regardless of efforts and will address risks as they become suspected or evident.

Risk Assessment Policy Details [pdf]