Contact Information

Main Office: 828-262-6278
Fax: 828-262-2236
Location: ITS, Raley Hall

map

calendar

Change Text Size

A     A      A

Risk Assessment Policy

1.0 Purpose

To allow Network Infrastructure and Control Systems or designated security officer to perform periodic information security network risk assessments (RAs) for the purpose of determining areas of vulnerability, and to initiate appropriate remediation.

2.0 Scope

Risk assessments can be conducted on any entity within Appalachian State University or any outside entity that has signed a Third Party Agreement with Appalachian State University. RAs can be conducted on any information system, to include applications, servers, and networks, and any process or procedure by which these systems are administered and/or maintained.

3.0 Policy

The execution, development and implementation of remediation programs is the joint responsibility of Network Infrastructure and Control Systems, the Information Security Officer and the department responsible for the systems area being assessed. Employees are expected to cooperate fully with any RA being conducted on systems for which they are held accountable. Employees are further expected to work with the Risk Assessment Team in the development of a remediation plan.

4.0 Risk Assessment Process

For additional information, contact Network Infrastructure and Control Systems or the Information Security Officer.

5.0 Enforcement

Anyone found to have violated this Policy may have their network access privileges temporarily or permanently revoked.

6.0 Definitions

Entity
Any business unit, department, group, or third party, internal or external to Appalachian State University, responsible for maintaining Appalachian State University assets.
Risk
Those factors that could affect confidentiality, availability, and integrity of Appalachian State University's key information assets and systems. The Risk Assessment Team is responsible for ensuring the integrity, confidentiality, and availability of critical information and computing assets on Appalachian networks, while minimizing the impact of security procedures and policies upon business or educational missions.

7.0 Revision History

This policy was approved by the Provost on July 19, 2005