Audit

General

Describe the purpose of this IT security risk assessment

Describe the scope of the risk assessment

List all participants, including role (e.g., system owner, system custodian, network manager, etc.)

Describe key technology components including commercial software

Describe how users access the system and their intended use of the system

Risk Assessment

Click Add Vulnerability (+) after you have identified a vulnerability or threat source

Vulnerability
Threat Source & Vulnerability

Observation

Threat source/vulnerability

Enter threat/vulnerability

Evidence (flow diagrams, screenshots, etc.) (optional)

Existing controls

Risk rating

Consequence

Likelihood

Risk rating

Recommended Controls

Recommended controls or alternative options for reducing risk

Completion

Recommendations

Signature