Standards and their risk statements
The Standards have their mandate in the Information Technology policy and the data classifications are defined in DAT01. Each standard has a risk statement that is the goal for the standard and then defines the risk objectives to meet that goal. Each standard is then given a priority to allow leaders to focus on specific areas of need. These risk areas are used to organize, measure and manage risk levels consistently across the university.
The 30 risk areas can be found in the below with links to the detailed objectives.
| Management Standards Index |
| Management Risk MGT01 – Information Risk Management (P1) MGT02 – Information Security Management (P2) MGT03 – Compliance Management (P1) MGT04 – Business Continuity Management (P3) Legal Risk LEG01 – Legal & Regulatory Compliance (P2) Business Risk BUS01 – Financial Systems (P2) Purchasing Risk PUR01 – Contract Management (P3) Personnel Security Risk PS01 – Personnel Security (P2) Facilities Risk FAC01 – IT Site Security (P2) FAC02 – IT Workspace Security (P2) Institutional Data Risk DAT01 – Institutional Data Security (P1) DAT02 – Information Access Control (P1) |
| Information Technology Standards Index |
| Information Technology Risk IT01 – Disaster Recovery (P1) IT02 – Infrastructure Security (P1) IT03 – Network Security (P1) IT04 – Server Security (P1) IT05 – Identity Management (P1) IT06 – Malicious Software Protection (P1) IT07 – Application Development Security (P1) IT08 – Development Process (P2) IT09 – Vendor Management Security (P2) IT10 – Client Computer Security (P2) IT11 – Mobile Device Security (P2) IT12 – Digital Communications Security (P2) IT13 – Web Application Security (P2) IT14 – Security Incident Management (P2) IT15 – Storage Media Security (P2) IT16 – Security Training (P2) IT17 – Asset Management (P2) IT18 – Software License Management (P3) |