Information Security Risk Self-Assessment and Inventory Standard

Purpose

The Information Security Office is responsible for reporting information security vulnerabilities, risks and campus security standard compliance to campus management and the Chancellor's office. Campus information authorities and departments heads are responsible for providing annual updates about their department's use and storage of protected (level 1 and level 2) information and their compliance with campus security standards.

A. Information Authority Responsibilities

Information authorities, deans, department directors, and vice presidents are responsible for providing annual updates about their department’s use of protected (level 1 and level 2) information and compliance with campus security standards. This report is due in May each year.

To assist with reporting, forms are provided.

B. Annual Report Submitted to Information Security Office in May

The annual update is a self-assessment report of information security risk and an inventory report of level 1 and level 2 information stored on department servers and applications. Forms are provided to submit the information.

  1. Level 1 Information Asset Inventory form for workstations (XLS)
  2. Level 1 and 2 Information Asset Inventory form for servers (XLS)

Implementation

Effective Date: 9/1/2010
Review Frequency: Annual
Responsible Officer: Campus Information Security Officer

Revision History

Date Action Pages
2/20/2013 Revised for 2013 assessment cycle. Posted to web and notifications to campus Information Security Coordinators All
5/3/2012 Revised for 2012 assessment cycle. Posted to web and notifications to campus Information Security Coordinators. All
8/26/2010 Released final version for posting on the web and notified campus constitutents All
5/20/2010 Reviewed and consulted with Information Resource Management Policy and Planning Committee (IRMPPC) All
4/21/2010 Reviewed and consulted with Administrative Advisory Committee on Computing (AACC) All
4/16/2010 Reviewed and consulted with Instructional Advisory Committee on Computing (IACC) All
3/3/2010 Reviewed and consulted with LAN Coordinators All
2/23/2010 Reviewed and consulted with Information Security Committee All
2/17/2010 Reviewed and consulted with Information Security Management Team All
1/26/2010-8/26/2010 Made additions and revisions for Cal Poly All
1/26/2010 Acquired source document from Cal Poly Pomona All

 

Related Content

Best Practices

10 Best Pactices

Our 10 Best Pactices

Contact Us

Contact Information Security at 756-7000

Contacts

Did you know?

Stay Safe Online Tips