i r processand system requirements（ir压过程系统需求）.docVIP

University of Colorado Information Technology Services Process Definition UCB IT Risk Management Process Revision History Revision Number Date Change Request Number Figure or Section Number A - Add M - Modify D - Delete Title or Brief Description 0.1 1-22-06 Initial Draft 0.2 1-26-06 Updated diagram, added process description text 0.3 1-27-06 Added doc diagram, added process description text 0.4 2-2-06 Changed language to be consistent with APS 0.5 2-10.06 Updated vulnerability assessment section and diagrams 0.6 2-13-06 Added sample inventory and questionnaire 0.7 2-16-06 Added text for campus wide IT risk analysis and report 2-28-06 M DRJ – page and page number formatting Table of Contents 1 Scope Rationale for IT Risk Management Plan 1 1.1 Purpose of IT risk management plan 1 1.2 Overview of IT Risk Management Process 2 1.3 Scope 3 1.4 Definitions 3 1.5 Roles and responsibilities 3 2 IT Risk Management Framework 4 2.1 Definitional Phase 4 2.2 Identify and Classify Technology Assets 4 2.3 Process and Policy Risk Identification 5 2.4 Vulnerability Assessment for Critical Assets 5 2.5 Risk Analysis 5 2.6 Mitigation 7 2.7 Campus-wide Risk Analysis and Report 7 3 Additional Documents 7 Appendix A: Sample Asset Inventory 9 Appendix B: Sample Process and Procedure Questionnaire 10 Index of Figures Figure 1: UCB IT Risk Management Process 2 Figure 2: IT Risk Analysis Document Diagram 6  Scope Rationale for IT Risk Management Plan Purpose of IT risk management plan The University of Colorado at Boulder (CU-Boulder) recognizes the need for an Information Technology (IT) risk management process to ensure performance and continuity at the University. This process is based on the fact that the campus relies on the availability and reliability of IT and this reliability will continue to grow as the campus