首页 风险评估模板

风险评估模板

风险评估模板RISKASSESSMENTREPORTTEMPLATEInformationTechnologyRiskAssessmentForRiskAssessmentReportRiskAssessmentAnnualDocumentReviewHistoryTheRiskAssessmentisreviewed,atleastannually,andthedateandreviewerrecordedonthetablebelow.ReviewDateRevieweriRiskAssessmentReportTABLE...

RISKASSESSMENTREPORTTEMPLATEInformationTechnologyRiskAssessmentForRiskAssessmentReportRiskAssessmentAnnualDocumentReviewHistoryTheRiskAssessmentisreviewed,atleastannually,andthedateandreviewerrecordedonthetablebelow.ReviewDateRevieweriRiskAssessmentReportTABLEOFCONTENTS1INTRODUCTION12ITSYSTEMCHARACTERIZATION23RISKIDENTIFICATION64CONTROLANALYSIS85RISKLIKELIHOODDETERMINATION116IMPACTANALYSIS137RISKDETERMINATION158RECOMMENDATIONS179RESULTSDOCUMENTATION18LISTOFEXHIBITSEXHIBIT1:RISKASSESSMENTMATRIX18LISTOFFIGURESFIGURE1–ITSBOUNDARYDIAGRAM.................................................................................4YSTEMFIGURE2–INFORMATIONFLOWDIAGRAM.....................................................................................5LISTOFTABLESTABLEA:RISKCLASSIFICATIONS1TABLEB:ITSYSTEMINVENTORYANDDEFINITION2TABLEC:THREATSIDENTIFIED4TABLED:VULNERABILITIES,THREATS,ANDRISKS5TABLEE:SECURITYCONTROLS6TABLEF:RISKS-CONTROLS-FACTORSCORRELATION8TABLEG:RISKLIKELIHOODDEFINITIONS9TABLEH:RISKLIKELIHOODRATINGS9TABLEI:RISKIMPACTRATINGDEFINITIONS13TABLEJ:RISKIMPACTANALYSIS13TABLEK:OVERALLRISKRATINGMATRIX15TABLEL:OVERALLRISKRATINGSTABLE15TABLEM:RECOMMENDATIONS17iiRiskAssessmentReport1INTRODUCTIONRiskassessmentparticipants:Participantrolesintheriskassessmentinrelationassignedagencyresponsibilities:Riskassessmenttechniquesused:TableA:RiskClassificationsRiskLevelRiskDescription&NecessaryActionsHighThelossofconfidentiality,integrity,oravailabilitycouldbeexpectedtohaveasevereorcatastrophicadverseeffectonorganizationaloperations,organizationalassetsorindividuals.ModerateThelossofconfidentiality,integrity,oravailabilitycouldbeexpectedtohaveaseriousadverseeffectonorganizationaloperations,organizationalassetsorindividuals.LowThelossofconfidentiality,integrity,oravailabilitycouldbeexpectedtohavealimitedadverseeffectonorganizationaloperations,organizationalassetsorindividuals.1RiskAssessmentReport2ITSYSTEMCHARACTERIZATION2RiskAssessmentReport2ITSYSTEMCHARACTERIZATIONTableB:ITSystemInventoryandDefinitionITSystemInventoryandDefinitionDocumentI.ITSystemIdentificationandOwnershipITSystemIDITSystemCommonNameOwnedByPhysicalLocationMajorBusinessFunctionSystemOwnerSystemAdministrator(s)PhoneNumberPhoneNumberDataOwner(s)DataCustodian(s)PhoneNumber(s)PhoneNumber(s)OtherRelevantInformationII.ITSystemBoundaryandComponentsITSystemDescriptionandComponentsITSystemInterfacesITSystemBoundaryIII.ITSystemInterconnections(addadditionallines,asneeded)AgencyorITSystemNameITSystemITSystemOwnerInterconnectionSecurityOrganizationIDAgreementStatusTableB:ITSystemInventoryandDefinition(continued)3RiskAssessmentReportOverallITSystemSensitivityRatingMustbe“high”ifsensitivityofanydatatypeisrated“high”onanycriterionOverallITHIGHMODERATELOWSystemSensitivityITSystemClassificationRatingandMustbe“Sensitive”ifoverallsensitivityis“high”;consideras“Sensitive”ifoveClassificationis“moderate”SN-SENSITIVEONENSITIVEDescriptionordiagramofthesystemandnetworkarchitecture,includingallcomponentsofthesystemandcommunicationslinksconnectingthecomponentsofthesystem,associateddatacommunicationsandnetworks:Figure1–ITSystemBoundaryDiagramDescriptionoradiagramdepictingtheflowofinformationtoandfromtheITsystem,includinginputsandoutputstotheITsystemandanyotherinterfacesthatexisttothesystem:4RiskAssessmentReportFigure2–InformationFlowDiagram5RiskAssessmentReport3RISKIDENTIFICATIONIdentificationofVulnerabilitiesVulnerabilitieswereidentifiedby:IdentificationofThreatsThreatswereidentifiedby:ThethreatsidentifiedarelistedinTableC.TableC:ThreatsIdentifiedIdentificationofRisksRiskswereidentifiedby:ThewayvulnerabilitiescombinewithcrediblethreatstocreaterisksisidentifiedTableD.6RiskAssessmentReportTableD:Vulnerabilities,Threats,andRisksRiskThreatRiskofRiskSummaryVulnerabilityCompromiseofNo.123456789101112131415161718192021222324257RiskAssessmentReport4CONTROLANALYSISTableEdocumentstheITsecuritycontrolsinplaceandplannedfortheITsystem.ControlArea1.1ITSecurityRoles&Responsibilities1.2BusinessImpactAnalysis1.3ITSystem&DataSensitivityClassification1.4ITSystemInventory&Definition1.5RiskAssessment1.6ITSecurityAudits2.1ContinuityofOperationsPlanning2.2ITDisasterRecoveryPlanning2.3ITSystem&DataBackup&Restoration3.1ITSystemHardening3.2ITSystemsInteroperabilitySecurity3.3MaliciousCodeProtection3.4ITSystemsDevelopmentLifeCycleSecurityTableE:SecurityControlsIn-Place/DescriptionofControlsPlanned1RiskManagement2ITContingencyPlanning3ITSystemsSecurity4LogicalAccessControl4.1AccountManagement8ControlArea4.2PasswordManagement4.3RemoteAccess4.4DataStorageMediaProtection4.5Encryption6.1FacilitiesSecurity7.1AccessDetermination&Control7.2ITSecurityAwareness&Training7.3AcceptableUse8.1ThreatDetection8.2IncidentHandling8.3SecurityMonitoring&Logging9.1ITAssetControl9.2SoftwareLicenseManagement9.3ConfigurationManagement&ChangeControlRiskAssessmentReportIn-Place/DescriptionofControlsPlanned5DataProtection6FacilitiesSecurity7PersonnelSecurity8ThreatManagement9ITAssetManagement9RiskAssessmentReportTableEcorrelatestherisksidentifiedinTableCwithrelevantITsecuritycontrolsdocumentedinTableDandwithothermitigatingorexacerbatingfactors.TableF:Risks-Controls-FactorsCorrelationRiskRiskSummaryNo.12345678910111213141516171819202122232425CorrelationofRelevantControls&OtherFactors10RiskAssessmentReport5RISKLIKELIHOODDETERMINATIONTableGdefinestherisklikelihoodratings.EffectivenessofControlsLowModerateHighTableG:RiskLikelihoodDefinitionsProbabilityofThreatOccurrence(NaturalorEnvironmentalThreats)orThreatMotivationandCapability(HumanThreats)LowModerateHighModerateHighHighLowModerateHighLowLowModerateTableG,evaluatestheeffectivenessofcontrolsandtheprobabilityormotivationandcapabilityofeachthreattoBFSandassignsalikelihood,asdefinedinTableF,toeachriskdocumentedinTableC.TableH:RiskLikelihoodRatingsRiskRiskLikelihoodEvaluationRiskLikelihoodRiskSummaryRatingNo.1234567891011121314151617181911RiskAssessmentReportRiskRiskLikelihoodEvaluationRiskLikelihoodRiskSummaryRatingNo.20212223242512RiskAssessmentReport6IMPACTANALYSISTableIdocumentstheratingsusedtoevaluatetheimpactofrisks.TableI:RiskImpactRatingDefinitionsMagnitudeImpactDefinitionofImpactHighOccurrenceoftherisk:(1)mayresultinhumandeathorseriousinjury;(2)mayresultinthelossofmajorCOVtangibleassets,resourcesorsensitivedata;or(3)maysignificantlyharm,orimpedetheCOV’smission,reputationorinterest.ModerateOccurrenceoftherisk:(1)mayresultinhumaninjury;(2)mayresultinthecostlylossofCOVtangibleassetsorresources;or(3)mayviolate,harm,orimpedetheCOV’smission,reputationorinterest.LowOccurrenceoftherisk:(1)mayresultinthelossofsometangibleCOVassetsorresourcesor(2)maynoticeablyaffecttheCOV’smission,reputationorinterest.TableJdocumentstheresultsoftheimpactanalysis,includingtheestimatedimpactforeachriskidentifiedinTableDandtheimpactratingassignedtotherisk.TableJ:RiskImpactAnalysisRiskRiskImpactRiskImpactRiskSummaryRatingNo.123456789101112131415161713RiskAssessmentReportRiskRiskImpactRiskImpactRiskSummaryRatingNo.1819202122232425Descriptionofprocessusedindeterminingimpactratings:14RiskAssessmentReport7RISKDETERMINATIONTableKdocumentsthecriteriausedindeterminingoverallriskratings.TableK:OverallRiskRatingMatrixRiskLikelihoodHigh(1.0)Moderate(0.5)Low(0.1)RiskImpactLowModerateHigh(10)(50)(100)LowModerateHigh10x1.0=1050x1.0=50100x1.0=100LowModerateModerate10x0.5=550x0.5=25100x0.5=50LowLowLow10x0.1=150x0.1=5100x0.1=10RiskScale:Low(1to10);Moderate(>10to50);High(>50to100)TableLassignsanoverallriskrating,asdefinedinTableK,toeachoftherisksdocumentedinTableD.TableL:OverallRiskRatingsTableRiskRiskSummaryRiskLikelihoodRiskImpactOverallRiskNo.RatingRatingRating123456789101112131415161718192015RiskAssessmentReportRiskRiskSummaryRiskLikelihoodRiskImpactOverallRiskNo.RatingRatingRating2122232425Descriptionofprocessusedindeterminingoverallriskratings:16RiskAssessmentReport8RECOMMENDATIONSTableMdocumentsrecommendationsfortherisksidentifiedinTableD.TableM:RecommendationsRiskRiskRatingRecommendationsRiskNo.1234567891011121314151617181920212223242517RiskAssessmentReport9RESULTSDOCUMENTATIONExhibit1:RiskAssessmentMatrixRiskRiskRiskRiskOverallRiskAnalysisofRelevantThreatRiskLikelihoodImpactControlsandOtherRecommendationsVulnerabilitySummaryRatingNo.RatingRatingFactors1234567891011121314151617181920212223242518

                    本文档为【风险评估模板】，请使用软件OFFICE或WPS软件打开。作品中的文字与图均可以修改和编辑，
                    图片更改请在作品中右键图片并更换，文字修改请直接点击文字进行修改，也可以新增和删除文档中的内容。 
 该文档来自用户分享，如有侵权行为请发邮件ishare@vip.sina.com联系网站客服，我们会及时删除。

                    [版权声明] 本站所有资料为用户分享产生，若发现您的权利被侵害，请联系客服邮件isharekefu@iask.cn，我们尽快处理。

                    本作品所展示的图片、画像、字体、音乐的版权可能需版权方额外授权，请谨慎使用。

                    网站提供的党政主题相关内容(国旗、国徽、党徽..)目的在于配合国家政策宣传，仅限个人学习分享使用，禁止用于任何广告和商用目的。
                

下载需要：免费已有0 人下载

立即下载

风险评估模板

你可能还喜欢