The approach encourages communication and cooperation among UW System stakeholders and drives continuous improvement of the UW System’s risk-related activities. It integrates information security concerns into both the UW business and technical environments and keeps the risk strategy continually aligned with the UW mission.
This Information Security Risk Management (ISRM) procedure establishes the process for managing the information security risks faced by the institutions of the University of Wisconsin (UW) System. It is based on the three-tier risk management approach defined in NIST SP 800-37, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy; NIST SP 800-53, Security and Privacy Controls for Federal Information Systems and Organizations; and the NIST Cybersecurity Framework (CSF). The procedure is designed to balance statutory, regulatory, and contractual security requirements against the culture of openness and the decentralized nature of the university system in a reasonable and productive manner.