Title Page
-
Conducted on
-
System Owner
-
Prepared by
General
-
Describe the purpose of this IT security risk assessment
-
Describe the scope of the risk assessment
-
List all participants, including their roles (e.g. system owner, system custodian, network manager, etc.)
-
Describe key technology components including commercial software
-
Describe how users access the system and their intended use of the system
Risk Assessment
-
Click Add Vulnerability (+) after you have identified a vulnerability or threat source
Vulnerability
Threat Source & Vulnerability
-
Observation
-
Threat source/vulnerability
- Hardware Fault
- Software Fault
- Human Error
- Intentional Outsider
- Intentional Insider
- Other
-
Enter threat/vulnerability
-
Evidence (flow diagrams, screenshots, etc.) (optional)
-
Existing controls
Risk rating
-
Consequence
-
Likelihood
-
Risk rating
Recommended Controls
-
Recommended controls or alternative options for reducing risk
Completion
-
Recommendations
-
Signature