Skip to main content

PM-9 Risk Management Strategy

Description

The university develops a risk management strategy to secure university operations and assets.

Applicability

  • The university’s Chief Information Security Officer (CISO) has the primary responsibility for the implementation of this Control.

Implementation

  • 1 - The Chief Information Security Officer (CISO) shall develop a comprehensive strategy to:

    • 1.1 - Manage security risks to university operations and assets, individuals, and other organizations related to the operation and use of information resources.
    • 1.2 - Manage privacy risks to individuals resulting from the authorized processing of personally identifiable information.

  • 2 - Implement a risk management strategy consistently across the university.

  • 3 - Review and update a risk management strategy annually or as required to address organizational changes.