Risk Assessment Template (English Version), 27 pages
RISK ASSESSMENT REPORT TEMPLATE
Information Technology Risk Assessment For
Risk Assessment Annual Document Review History
TABLE OF CONTENTS
1 INTRODUCTION
2 IT SYSTEM CHARACTERIZATION
3 RISK IDENTIFICATION
4 CONTROL ANALYSIS
5 RISK LIKELIHOOD DETERMINATION
6 IMPACT ANALYSIS
7 RISK DETERMINATION
8 RECOMMENDATIONS
9 RESULTS DOCUMENTATION
LIST OF EXHIBITS
EXHIBIT 1: RISK ASSESSMENT MATRIX
LIST OF FIGURES
FIGURE 1 – IT SYSTEM BOUNDARY DIAGRAM
FIGURE 2 – INFORMATION FLOW DIAGRAM
LIST OF TABLES
TABLE A: RISK CLASSIFICATIONS
TABLE B: IT SYSTEM INVENTORY AND DEFINITION
TABLE C: THREATS IDENTIFIED
TABLE D: VULNERABILITIES, THREATS, AND RISKS
TABLE E: SECURITY CONTROLS
TABLE F: RISKS-CONTROLS-FACTORS CORRELATION
TABLE G: RISK LIKELIHOOD DEFINITIONS
TABLE H: RISK LIKELIHOOD RATINGS
TABLE I: RISK IMPACT RATING DEFINITIONS
TABLE J: RISK IMPACT ANALYSIS
TABLE K: OVERALL RISK RATING MATRIX
TABLE L: OVERALL RISK RATINGS TABLE
TABLE M: RECOMMENDATIONS
1 INTRODUCTION
Risk assessment participants:
Participant roles in the risk assessment in relation to assigned agency responsibilities:
Risk assessment techniques used:
2 IT SYSTEM CHARACTERIZATION
Sensitivity Rating and Classification
HIGH / MODERATE / LOW
IT System Classification
Must be “Sensitive” if overall sensitivity is “high”; consider as “Sensitive” if overall sensitivity is “moderate”.
SENSITIVE / NON-SENSITIVE
Description or diagram of the system and network architecture, including all components of the system and communications links connecting the components of the system, associated data communications and networks:
Figure 1 – IT System Boundary Diagram
Description or a diagram depicting the flow of information to and from the IT system, including inputs and outputs to the IT system and any other interfaces that exist to the system:
Figure 2 – Information Flow Diagram
3 RISK IDENTIFICATION
Identification of Vulnerabilities
Vulnerabilities were identified by:
Identification of Threats
Threats were identified by:
Identification of Risks
Risks were identified by:
The way vulnerabilities combine with credible threats to create risks is identified in Table D.