Title Page
-
Conducted on
-
System Owner
-
Prepared by
-
Site/Location
Network Security Risk Assessment
General
-
Describe the purpose of this Network Security Risk Assessment
-
Describe the scope of the risk assessment (including system components, elements, users, field site locations (if any), and any other details about the system to be considered in the assessment)
-
List all participants including role (e.g. system owner, system custodian, security admin, database admin, network manager, risk assessment team, etc.)
-
Describe key technology components (applications, databases, operating systems, networks, interconnections, protocols)
-
Describe how users access the system and their intended use of the system
Risk Assessment
-
Click Add Vulnerability (+) after you have identified a vulnerability or threat source
Vulnerability
Threat Source & Vulnerability
-
Observation
-
Threat source/vulnerability
- Hardware Fault
- Software Fault
- Human Error
- Intentional Outsider
- Intentional Insider
- Other
-
Enter threat/vulnerability
-
Evidence (flow diagrams, screenshots, etc.) (optional)
-
Existing controls
Risk rating
-
Consequence
-
Likelihood
-
Risk rating
Recommended Controls
-
Recommended controls or alternative options for reducing risk
Completion
-
Recommendations
-
Name and Signature