Unit 2 Discussion 1 - Risk Mitigation Policy
Nayana Communications Risk Mitigation Policy

1.0 Purpose
To empower the Nayana Communications Information Security policy, periodic Information Security Risk Mitigations (RMs) must be performed to determine areas of vulnerability and to initiate appropriate remediation.

2.0 Scope
Risk Mitigations can be conducted on any entity within Nayana Communications or any outside entity that has signed a Third Party Agreement with Nayana Communications. An RM can be conducted on any information system, including applications, servers, and networks, and on any process or procedure by which these systems are administered and/or maintained.

3.0 Policy
The execution, development, and implementation of remediation programs are the joint responsibility of Information Security and the department responsible for the system areas being assessed. Employees are expected to cooperate fully with any RM being conducted on systems for which they are held accountable. Employees are further expected to work with the Information Security Risk Mitigation Team in the development of a remediation plan.

4.0 Risk Mitigation Process
For additional information, go to the Risk Assessment Process.

5.0 Enforcement
Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

6.0 Definitions
Terms and definitions:
Entity: Any business unit, department, group, or third party, internal or external to Nayana Communications, responsible for maintaining Nayana Communications assets.
Risk: Those factors that could affect the confidentiality, availability, and integrity of Nayana Communications' key information assets and systems.

Information Security is responsible for ensuring the integrity, confidentiality, and availability of critical information and computing assets, while minimizing the impact of security procedures and policies upon business productivity.

7.0 Revision History
Revision Number    Date          Details
1                  01/12/2013    Initial