Download Schedule of Risk Assessments for Information Security

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

Document related concepts

Financial economics wikipedia , lookup

Security interest wikipedia , lookup

Moral hazard wikipedia , lookup

Merchant account wikipedia , lookup

Risk wikipedia , lookup

Systemic risk wikipedia , lookup

Transcript 
Schedule of Risk Assessments for Information Security
February 2007
The goal of the information technology risk management process at Iowa State University is to protect
university information and university information systems from unacceptable risk. The need to perform a
systematic process of conducting a risk assessment is described in the IT Security Policy. This schedule
outlines the timing and responsibility of required periodic risk assessments under the direction of the IT
Security and Policies area. Other risk assessments may be conducted either at the discretion of the unit,
internal audit, or IT Security and Policies area. Tools for performing the risk assessment can be found at
Risk Assessment Tools and Documents for Information Security [link]
Critical Financial Functions
The departments in Business & Finance along with IT Services have identified these functions as critical to
the operation of the university. A formal risk assessment is required at least every three years. An updated
Business Impact Analysis and Risk Assessment for Information Resources is reviewed and filed by the
Director, IT Security and Policies.
Function
Responsible Unit
Procurement and payment processing
Purchasing, Controller
includes purchasing, p-card,
employee travel reimbursements,
accounts payable (voucher payment)
Payroll processing
Controller
Cash handling
Treasurer
Accounting transaction processing & reconciliation
Controller
Financial reporting
Controller
University receivables
Treasurer
FAMIS
FP&M
NACHA – The Electronic Payments Association
NACHA develops operating rules and business practices for the Automated Clearing House (ACH) Network
and for electronic payments in the areas of Internet commerce, electronic bill and invoice presentment and
payment (EBPP, EIPP), e-checks, financial electronic data interchange (EDI), international payments, and
electronic benefits transfer (EBT). Iowa State University Internal Audit conducts an annual risk assessment
based on the NACHA Operating Rules for ACH transactions originating from Web transactions.
Payment Card Industry Data Security Standard
The Payment Card Industry Data Security Standard (PCI) became effective June 30, 2005. The PCI applies
to any service provider that stores, processes or transmits cardholder data from the major credit card
provider. Currently this is VISA, MasterCard, Discover, and American Express. One of the requirements of a
service provider is to complete a self assessment form[link]. Iowa State University requires a self
assessment be completed and approved by the Treasurer and the Director, IT Security and Policies before
accepting credit card transactions. An updated self assessment is sent to the Treasurer and the Director, IT
Security and Policies annually.
Related documents
Board Member Job Description
Board Member Job Description
(1) Board Treasurer Job Description
(1) Board Treasurer Job Description
Daylighting Controller Written Specification (word document)
Daylighting Controller Written Specification (word document)
DAYLIGHTING CONTROLLER Greengate Models DLC-PDC
DAYLIGHTING CONTROLLER Greengate Models DLC-PDC
Hamid Vakilzadian West Area Chair West Area sections
Hamid Vakilzadian West Area Chair West Area sections
Radio Iowa State University 03-26-07
Radio Iowa State University 03-26-07
Human Systems (Digestive, Respiratory, Circulatory, and
Human Systems (Digestive, Respiratory, Circulatory, and
Iowa American Water Remains Committed to Protecting the
Iowa American Water Remains Committed to Protecting the
Constitution of Gay/Lesbian/Bisexual
Constitution of Gay/Lesbian/Bisexual
Working Capital Investment Policy
Working Capital Investment Policy
Java Direct Manipulation
Java Direct Manipulation
check scanning in the us market
check scanning in the us market
Contract Management Services
Contract Management Services
Industry Survey
Industry Survey