Information Security Controls Catalog PM-9
Last Review: 10/1/22
Statement
The University shall develop an organization-wide risk management strategy that includes an expression of the security and privacy risk tolerance for the organization, security and privacy risk mitigation strategies, acceptable risk assessment methodologies, a process for evaluating security and privacy risk across the organization with respect to the organization’s risk tolerance, and approaches for monitoring risk over time.
Applicability
This Control applies to all West Texas A&M network information resources. The intended audience for this Control includes all information resource owners, custodians, and users of information resources.
Implementation
WTAMU shall:
- Develop a comprehensive strategy to manage:
  - Security risk to organizational operations and assets, individuals, other organizations, the State of Texas, and the Nation associated with the operation and use of organizational systems; and
  - Privacy risk to individuals resulting from the authorized processing of personally identifiable information.
- Implement the risk management strategy consistently across the organization; and
- Review and update the risk management strategy annually or as required to address organizational changes.