Business Impact and Risk, Threat, and Vulnerability

Use of the Internet and the Web provides a direct line from anywhere in the world into the BCC networks and computers attached to the networks. Appropriate IT security demands that this type of access is not allowed, but the use of the Web is such a vital part of communicating in the modern world and is such a significant part of fulfilling the educational and administrative missions of the college, whatever risks exist in the use of these resources are minor in comparison with their positive business impact. Because a presence on the Web may be a legitimate function of any BCC individual or unit, carefully articulating the BCC IT security policies, standards, and expectations becomes a critical factor in assuring the security of the computing and communications resources under BCC's responsibility. Any accidental or malicious misuse of these resources could put college instructional and business systems at great risk.

Given the high level of access to internal systems that potentially exist with the use of the Internet and the Web, the most significant threats to BCC include:

1. Accidental and/or maliciously-caused loss or denial of vital services
2. Accidental and/or malicious destruction or disclosure of critical BCC data
3. Unauthorized access to data and/or computing processes, allowing theft, fraud or the malicious spread of misinformation
4. Outside users maliciously increasing privileges to include unauthorized access to systems
5. Malicious and/or unauthorized access to controlling components (e.g., routers, DNS, domain controllers)
6. Loss of revenue, loss of reputation and user dissatisfaction

Given the nature of the assets affected by use of the Internet and the Web, all of these risks are very significant, and could cause considerable loss and harm to BCC.