Date: Thu, 28 Mar 2024 23:35:26 -0500 (CDT) Message-ID: <660469722.1476.1711686926995@wiki.ncsa.illinois.edu> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_1475_1902002569.1711686926994" ------=_Part_1475_1902002569.1711686926994 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
Document Name: NCSA Risk Assessment and Mitigation
<=
strong>Version: 1.2
Accountable: James Eyrich<=
br>Authors: Alex Withers
The intent of completing a risk assessment is to determine potenti= al threats and vulnerabilities and the likelihood and impact should they oc= cur. The output of this process helps to identify appropriate controls for = reducing or eliminating risk.
This process of risk assessment and mitigation applies to any NCSA=
resources that are required to undergo a risk assessment.
Risk mitigation involves prioritizing, evaluating, and implementin= g the appropriate risk-reducing controls recommended from the risk assessme= nt process to ensure the confidentiality, integrity and availability of NCS= A's computational resources (and specifically ePHI and CUI for the ACHE). D= etermination of appropriate controls to reduce risk is dependent upon the r= isk tolerance of the organization consistent with its goals and mission.