Lakhasly

Risk Identification and Assessment Texas Wesleyan intends to undertake efforts to identify and assess external and internal risks to the security, confidentiality, and integrity of nonpublic financial information that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information. The IT Infrastructure Services Director will establish procedures for identifying and assessing such risks in each relevant area of the Institution's operations, including: Employee training and management. The IT Infrastructure Services Director will coordinate with representatives in the Institution's Human Resources and Financial Aid offices to evaluate the effectiveness of the Institution's procedures and practices relating to access to and use of student records, including financial aid information. This evaluation will include assessing the effectiveness of the Institution's current policies and procedures in this area. Information Systems and Information Processing and Disposal. The IT Infrastructure Services Director will assess the risks to nonpublic financial information associated with the Institution's information systems, including network and software design, information processing, and the storage, transmission and disposal of nonpublic . This evaluation will include assessing the Institution's current policies and procedures relating to Acceptable Use Policy and Records Management Policy. The IT Infrastructure Services Director will also assess procedures for monitoring potential information security threats associated with software systems and for updating such systems by, among other things, implementing patches or other software fixes designed to deal with known security flaws. Detecting, Preventing and Responding to Attacks. The IT Infrastructure Services Director will evaluate procedures for and methods of detecting, preventing and responding to attacks or other system failures and existing network access and security policies and procedures, as well as procedures for coordinating responses to network attacks and developing incident response teams and policies. In this regard, the IT Infrastructure Services Director may elect to delegate to a representative of the Information Technology Department the responsibility for monitoring and participating in the dissemination of information related to the reporting of known security attacks and other threats to the integrity of networks utilized by the Institution. Designing and Implementing Safeguards The risk assessment and analysis described above shall apply to all methods of handling or disposing of nonpublic financial information, whether in electronic, paper or other form. The IT Infrastructure Services Director will, on a regular basis, implement safeguards to control the risks identified through such assessments and to regularly test or otherwise monitor the effectiveness of such safeguards. Such testing and monitoring may be accomplished through existing network monitoring and problem escalation procedures. Overseeing Service Providers The IT Infrastructure Services Director shall coordinate with those responsible for the third party service procurement activities among the Information Technology Department and other affected departments to raise awareness of, and to institute methods for, selecting and retaining only those service providers that are capable of maintaining appropriate safeguards for nonpublic financial information of students and other third parties to which they will have access. These standards shall apply to all existing and future contracts entered into with such third party service providers. Adjustments to Program The IT Infrastructure Services Director is responsible for evaluating and adjusting the Program based on the risk identification and assessment activities undertaken pursuant to the Program, as well as any material changes to the Institution's operations or other circumstances that may have a material impact on the Program.