Statement

The University may respond to risk by either implementing new controls or strengthening existing controls, accepting risk with appropriate justification or rationale, sharing, or transferring risk, or avoiding risk. Risk response addresses the need to determine an appropriate response to risk before generating a plan of action and milestones entry.

Applicability

This Control applies to all West Texas A&M network information resources. The intended audience for this Control includes all information resource owners, custodians, and users of information resources.

Implementation

WTAMU shall respond to findings from security and privacy assessments, monitoring, and audits in accordance with the organizational risk tolerance and system criticality.