Oregon State University

501: Risk Assessment

Information Security Policies & Procedures Manual
Section 500: Security Operations
Effective: 01/11/2010
Revised: 02/20/2014


The purpose of this section is to articulate how OSU will conduct risk assessment by first proactive and then reactive means.


TThe proactive component will include the conducting of regular risk assessments on systems declared critical by the University, or on systems that house or process Protected or Sensitive Information by the Office of Information Security or by Internal Audit or an agent acting on their behalf. This will ensure that data elements identified as Protected or Sensitive have the appropriate security measures in place to protect them.

The reactive component of risk assessment will be a periodic review of information security incidents.  The Chief Information Security Officer will periodically review the tracked information security incidents and will identify problem areas to be addressed in an Annual Information Security report to the Chief Information Officer.

Contact Info

Site Maintained by: Office of Human Resources
Oregon State University, Corvallis, OR 97331
Contact us with your comments, questions and feedback
Copyright © 2009 Oregon State University | Disclaimer
Copyright ©  2014 Oregon State University