The foundation of the University's Information Security Program is its Security Risk Assessment. The Security Risk Assessment is a requirement set forth by the University System Information Security Policy and Standards Section 3.1. Our goal is that, upon completing these Risk Assessments, each Campus will be able to determine the acceptable level of risk and the security requirements for the system and its corresponding facility.
Policy Adherence relates to the controls that fall outside the scope of UMS Security Risk Assessments. IT, HR, and Information Owners will self-assess to determine the degree to which they are complying with the UMS Information Security Policy and Standards.
An immediate and thorough response to an Information Security incident is required by legislation and by the UMS Information Security Policy and Standards (Section 10). This plan describes the overall UMS approach to responding to incidents, outlines procedures to be followed when an incident is discovered, and provides a foundation for campuses to build local plans.