The university develops a risk management strategy to secure university operations and assets.


  • The university‚Äôs Chief Information Security Officer (CISO) has the primary responsibility for the implementation of this Control.


  • 1

    The Chief Information Security Officer (CISO) shall develop a comprehensive strategy to:

    • 1.1

      Manage security risks to university operations and assets, individuals, and other organizations related to the operation and use of information resources.

    • 1.2

      Manage privacy risks to individuals resulting from the authorized processing of personally identifiable information.

  • 2

    Implement a risk management strategy consistently across the university.

  • 3

    Review and update a risk management strategy annually or as required to address organizational changes.