The protection of Confidential and Sensitive Information assets and the resources that support them are critical to the operation of Cumberland University (known from this point as the University). As information assets are handled they are placed at risk for potential threats of employee errors, malicious or criminal actions, theft, and fraud. Such events could cause the University to incur a loss of confidentiality or privacy, financial damages, fines, and penalties.
The purpose of this policy is to reduce the risk of a loss or breach of Confidential and Sensitive Information through guidelines designed to detect, prevent, and mitigate loss due to errors or malicious behavior. The University recognizes that absolute security against all threats is an unrealistic expectation. Therefore, the goals of risk reduction and implementation of this policy are based on:
An assessment of the Confidential and Sensitive Information handled by the University.|
The cost of preventative measures designed to detect and prevent errors or malicious behavior.|
The amount of risk that the University is willing to absorb.|
These policy guidelines were derived through a risk assessment of the University methods of handling Confidential and Sensitive Information. Determination of appropriate security measures must be a part of all operations and shall undergo periodic evaluation.