Mary Grace is business owner of learning management software (LMS). She has reached out to cyber security team after performing a data classification for her software. The data classification type is sensitive, and the solution will host less than 1000 records. If all other cyber risk rating criteria are not met, what is the cyber risk rating for the software?

Which of the following statements is true regarding the Cyber Security Risk Rating for UNSW Information Resources?

Resources.

Select all the correct information resource type categories in the Risk Management Standard (Select multiple correct choices)

Regulatory Compliance (Critical Infrastructure) control is required for information resources irrespective of the risk ratings or the type of delivery

Match the cyber risk rating with the level of controls required as per the Risk Management Standard

It is mandatory for all persons with physical access to UNSW Data Centres and on-campus IT Hosting locations to be authorised irrespective of the risk rating of the information resource

The Risk Management Standard does not differentiate between a UNSW entity and non UNSW entity in terms of prescribing the controls required for the information service based on the risk rating