Audit

General

Describe the purpose of this IT security risk assessment

Describe the scope of the risk assessment

List all participants, including role (e.g., system owner, system custodian, network manager, etc.)

Describe key technology components including commercial software

Describe how users access the system and their intended use of the system

Risk Assessment

Click Add Vulnerability (+) after you have identified a vulnerability or threat source

Vulnerability
Threat Source & Vulnerability

Observation

Threat source/vulnerability

Enter threat/vulnerability

Evidence (flow diagrams, screenshots, etc.) (optional)

Existing controls

Risk rating

Consequence

Likelihood

Risk rating

Recommended Controls

Recommended controls or alternative options for reducing risk

Completion

Recommendations

Signature