PM-9: Risk Management Strategy

Privacy Baseline: Yes

The Tarleton State University (Tarleton) Chief Information Security Officer (CISO) or their designee is responsible for:
- Developing a comprehensive strategy to manage:
  - Security risks associated with Tarleton operations and assets, individuals, and other organizations related to the use and operation of Tarleton’s information resources; and
  - Privacy risks to individuals resulting from the authorized processing of personally identifiable information (PII).
Implementing a risk management strategy consistently across the organization; and
Ensuring that this strategy is periodically reviewed and updated, as needed.