Risk Management Policy

The Information Security Risk Management Policy establishes a common framework for their IT risk management strategies. Senate Bill 5432, section 7c, requires agencies mitigate risks discovered in the environments they control. It also requires the Office of Cybersecurity to report risks that are not mitigated appropriately to the governor and appropriate committees. This policy provides agencies with a framework to satisfy this requirement.