Information Security Risk Self-Assessment and Inventory Standard
Purpose
The Information Security Office is responsible for reporting information security vulnerabilities, risks and campus security standard compliance to campus management and the Chancellor's office. Campus information authorities and department heads are responsible for providing annual updates about their department's use and storage of protected (level 1 and level 2) information and their compliance with campus security standards.
A. Information Authority Responsibilities
Information authorities, deans, department directors, and vice presidents are responsible for providing annual updates about their department’s use of protected (level 1 and level 2) information and compliance with campus security standards. This report is due in May each year.
To assist with reporting, forms are provided.
B. Annual Report Submitted to Information Security Office in May
The annual update is a self-assessment report of information security risk and an inventory report of level 1 and level 2 information stored on department servers and applications. Forms are provided to submit the information.
- Level 1 Information Asset Inventory form for workstations (XLS)
- Level 1 and 2 Information Asset Inventory form for servers (XLS)
Implementation
Effective Date: | 9/1/2010 |
---|---|
Review Frequency: | Annual |
Responsible Officer: | Campus Information Security Officer |
Revision History
Date | Action | Pages |
---|---|---|
2/20/2013 | Revised for 2013 assessment cycle. Posted to web and notifications to campus Information Security Coordinators. | All |
5/3/2012 | Revised for 2012 assessment cycle. Posted to web and notifications to campus Information Security Coordinators. | All |
8/26/2010 | Released final version for posting on the web and notified campus constituents | All |
5/20/2010 | Reviewed and consulted with Information Resource Management Policy and Planning Committee (IRMPPC) | All |
4/21/2010 | Reviewed and consulted with Administrative Advisory Committee on Computing (AACC) | All |
4/16/2010 | Reviewed and consulted with Instructional Advisory Committee on Computing (IACC) | All |
3/3/2010 | Reviewed and consulted with LAN Coordinators | All |
2/23/2010 | Reviewed and consulted with Information Security Committee | All |
2/17/2010 | Reviewed and consulted with Information Security Management Team | All |
1/26/2010-8/26/2010 | Made additions and revisions for Cal Poly | All |
1/26/2010 | Acquired source document from Cal Poly Pomona | All |