Identification and Assessment of Risks to Customer Information

Information Security Plan Coordinator

Design and Implementation of Safeguards Program

Information Systems

Selection of Appropriate Service Providers

Continuing Evaluation and Adjustment

Footnotes

• Unauthorized access of covered data and information by someone other than the owner of the covered data and information
• Compromised system security as a result of system access by an unauthorized person
• Interception of data during transmission
• Loss of data integrity
• Physical loss of data in a disaster
• Errors introduced into the system
• Corruption of data or systems
• Unauthorized access of covered data and information by employees
• Unauthorized requests for covered data and information
• Unauthorized access through hardcopy files or reports
• Unauthorized transfer of covered data and information through third parties

North Central State College recognizes that this may not be a complete list of the risks associated with the protection of covered data and information. Since technology growth is not static, new risks are created regularly. Accordingly, the Information Technology Division will actively participate and monitor advisory groups such as the Educause Security Institute, the Internet2 Security Working Group and SANS for identification of new risks.

North Central State College believes Information Technology’s current safeguards are reasonable and, in light of Information Technology’s current risk assessments, are sufficient to provide security and confidentiality to covered data and information maintained by the College. Additionally, these safeguards protect against currently anticipated threats or hazards to the integrity of such information.

III. Information Security Plan Coordinator