SKIP TO PAGE CONTENT

RA-1 Risk Assessment Policy and Procedures

Last Review: 10/1/22

Overview

The West Texas A&M Information Security Controls Catalog establishes the minimum standards and controls for University information security in accordance with the state's Information Security Standards for Institutions of Higher Education found in Title 1, Chapter 202, Texas Administrative Code (TAC 202).

Purpose

To develop, document, update, and disseminates to a risk assessment policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and to develop procedures to facilitate the implementation of the risk assessment policy and associated risk assessment controls.

Scope

The scope of these regulations and procedures are applicable to all information resources owned or operated by WTAMU. All users are responsible for adhering to this policy. If needed or appropriate, information regarding roles, responsibilities, management commitment, and coordination among organizational entities are embedded within these procedures.

Regulations and Procedures

The State of Texas Department of Information Resources (DIR) has chosen to adopt a select number of Risk Assessment Controls as established within the NIST SP 800-53 control family guidelines identified by the DIR Security Control Standards Catalog.  Information security risk assessments are vital procedures for maintaining the security of information resources and meeting legal requirements for protecting confidential information.

The purpose and goal of these assessments can only be achieved if the assessments are conducted effectively.  The set of controls below shall be implemented to ensure assessments are conducted effectively and consistently. WTAMU will maintain written and documented risk assessments.  

Phone
Twitter
Facebook
Instagram
Mail