Educause Security Discussion mailing list archives
Re: memorandum of understanding for risk transfer
From: Brad Judy <brad.judy () CU EDU>
Date: Mon, 26 Oct 2015 18:40:09 +0000
You can see the document for this process at the University of Colorado here: http://www.cu.edu/sites/default/files/Information-Risk-Acceptance-Process-CJ.doc Brad Judy Director of Information Security University Information Systems University of Colorado 1800 Grant Street, Suite 300 Denver, CO 80203 Office: (303) 860-4293 Fax: (303) 860-4302 www.cu.edu<http://www.cu.edu> [cu-logo_fl] From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Glen Shere Sent: Monday, October 26, 2015 12:28 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] memorandum of understanding for risk transfer I am searching for examples of, or templates for, a memorandum of understanding prepared by information security staff and endorsed by senior management, that: (a) documents an identified and ongoing information security risk; (b) documents that senior management elects to accept the identified risk rather than allocate resources required to address it; and (c) explicitly releases information security staff from accountability for managing that risk. If your organization has a standard template to create this documentation as the need arises, I am interested in what ever you can share. Real examples are even better, but given the frequently sensitive nature of these documents, I am interested only in the documents you are comfortable sharing. I recall that several attendees of the EDUCAUSE Security Professionals Conference called these "risk transfer memos", but various permutations of that Google search does not yield anything useful. If you call them something else, what do you call them? Thank you in advance. Glen Shere Ohio Northern University
Current thread:
- memorandum of understanding for risk transfer Glen Shere (Oct 26)
- Re: memorandum of understanding for risk transfer Brad Judy (Oct 26)