Risk Management
Information Technology Risk Management is concerned with the identification, assessment and prioritization of Information Technology risk so that appropriate mitigating strategies can be determined and controls applied to reduce the probability and/or impact to an acceptable level, based on the risk appetite of the organization.
The primary categories of Information Technology risk that have been identified by Enterprise Risk Management at McMaster University are Information Security risk and Technology risk. Information Security risk relates to the principles of confidentiality and integrity of information and the systems that support them. Technology risk relates to the principle of availability of technology and its ability to provide information and services when required.
Technology risk can be directly linked to Disaster Recovery Planning and Business Continuity Planning activities.
Information Security Risk...
That the University does not provide appropriate security controls to protect information in a manner that limits unauthorized or accidental disclosure, access, modification or destruction, thus exposing the University to an increased potential for damage and inability to achieve its strategies and objectives.
- McMaster Enterprise Risk Management
Technology Risk...
That the University does not renew or maintain adequate or common systems and networks and is not sufficiently leveraging advancements in technology, thus impacting the ability to achieve the University's strategic priorities and objectives.
- McMaster Enterprise Risk Management
Risk Management Framework...
The Information Technology risk management process is based on the McMaster University Enterprise Risk Management framework which describes the process as:
- Determining the context of the risk management activity
- Assessing the risk through the identification of threats, the analysis of the likelihood and impact, and the evaluation of existing controls and determination of mitigating strategies to reduce risk
- Approving and implementing the controls to treat or mitigate the risks identified
- Monitoring the implemented controls to ascertain whether risk has been reduced to the expected level
- Communicating the effectiveness of the mitigating strategies in reducing risk to the appropriate oversight individual or committee
Principles of Information Technology Security...
CONFIDENTIALITY - Information is disclosed to only those who have the right to know
INTEGRITY - Information is protected against unauthorized or accidental modification
AVAILABILITY - Information is available and usable when required by authorized individuals
Influencing Factors...
FIPPA - Freedom of Information and Protection of Privacy Act (McMaster FIPPA information) - FIPPA is a legislated act detailing the requirements for organizations to maintain accurate records of personal information, provide access to it, and protect it from unauthorized disclosure.
PHIPA - Personal Health Information Protection Act - PHIPA is a legislated act, similar in principle to FIPPA, that covers the health information of the individual.
PCI-DSS - Payment Card Industry Data Security Standard (McMaster Payment Card information) - PCI compliance is concerned with the protection of credit card information for the prevention of credit card fraud.
Forward with Integrity - A letter from the President outlining the priorities and principles he believes will best help shape the University's development.
Vision 20/20 - Provides strategic direction for technology supporting McMaster's Academic, Research and Administrative mission.