Date: Thu, 28 Mar 2024 11:42:34 -0500 (CDT) Message-ID: <1535487139.1243.1711644154892@wiki.ncsa.illinois.edu> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_1242_102877957.1711644154892" ------=_Part_1242_102877957.1711644154892 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
Document Name: NCSA Risk Management Program
=
Version: 1.1
Accountable: James Eyrich
Authors: Alex Withers
Risk Management Program to conduct thorough and timely risk assess= ments of the potential threats and vulnerabilities to the confidentiality, = integrity, and availability of NCSA's computational resources. This p= rogram enables NCSA to develop strategies to efficiently and effectively mi= tigate the risks identified in the assessment process. Information produced= during the risk assessment will be used to determine and manage security c= ontrols for NCSA's computational resources.
This risk management program applies to all NCSA resources that do= not fall under a separate risk management program (i.e. ACHE).
The risk management program consists of two processes:
A risk assessment will be performed periodically by the NCSA Secur= ity Office. Exceptions to this include (i) substantial infrastructure/envir= onment changes that would require a new impact analysis and (ii) a security= incident that warrants reevaluation of risks.
A risk assessment is conducted as per the documented
NCSA implements security measures sufficient to reduce risks and v= ulnerabilities to a reasonable and appropriate level to:
The risk assessment is part of an on-going process to understand a=
nd manage risk. The broader process contains the following steps as per the=
documented NCSA Risk Assessment and Mitigation
All data from the risk assessment is kept confidential and not sha= red without written approval from the NCSA Security Office.
All workforce members are expected to fully cooperate with all per= sons charged with doing risk management work.