Risk Assessment Policy and Procedures (RA-1)

The university has a Risk Assessment policy which includes the process of identifying, evaluating, and documenting the level of impact that may result from the operation of an information resource on the university’s mission, functions, image, reputation, assets, or individuals.

Security Categorization (RA-2)

Data classification provides a framework for managing data assets based on value and associated risks. It also guides the application of the appropriate levels of protection as required by state and federal law as well as proprietary, ethical, operational, and privacy considerations. All electronic data should be classified.

Risk Assessment (RA-3)

Information security risk assessments are vital procedures for maintaining the security of information resources and meeting legal requirements for protecting confidential information. The purpose and goal of these assessments can only be achieved if the assessments are conducted effectively and accurately. The purpose of this Control is to implement a monitoring process that adequately provides management with assurance that the information on which risk assessment assertions are based is factual. The goal of these procedures is to help Texas A&M University units improve the effectiveness of their use of the Information Security Risk Assessment Procedures (ISRAP) and the value and accuracy of their risk assessments.

Vulnerability Scanning (RA-5)

This Control addresses how the university scans for security vulnerabilities in information resources to prevent inappropriate or unauthorized access to information systems.