Scope / Client: Security Assessment
Date: 16 January 2016
Risk Assessment
Risk Acceptance Criteria
The following risk assessment was performed as detailed in
the approved risk assessment method and is in accordance
with international standard ISO / IEC 27005.
Risk acceptance criteria shown on the left are defined in the
risk assessment policy and approved by senior management.
Confidentiality: property that information is not made available or disclosed to unauthorized individuals, entities, or processes
Integrity: property of protecting the accuracy and completeness of assets
Availability: property of information being accessible and usable upon demand by an authorized entity
(ISO/IEC 27000:2009)
Category
Risk Classification
RED: The risk exceeds the risk acceptance criteria and must be addressed according to the risk assessment policy.
YELLOW: The risk falls just under the risk acceptance criteria. It may need to be addressed according to the risk
assessment policy.
GREEN: The risk falls within risk acceptance criteria.
Client: Security Assessment
Date printed: 16 Jan. 2016 19:01 (refer to the electronic document for the current release)
(c) 2011 SerNet - all rights reserved
Confidential
IS Risk Assessment
Identified Risks
Total Count
Impact: 0 1 2 3
Probability: 0
Exception while executing query: Sourced file: inline evaluation of: ``import sernet.hui.common.*; import sernet.gs.ui.rcp.main.service.crudcommands.*; ... '' : Method Invocation helper.execute
[the same message appears in all four cells of this row]
Table shows the number of identified risks and their severity.
See below for classification of probability and business impact
levels.
Total Count
2
Exception while executing query: Sourced file: inline evaluation of: ``import sernet.hui.common.*; import sernet.gs.ui.rcp.main.service.crudcommands.*; ... '' : Method Invocation helper.execute
[the same message appears three times]
Total Count
Impact: 0 1 2 3 4
Probability: 0
Exception while executing query: Sourced file: inline evaluation of: ``import sernet.hui.common.*; import sernet.gs.ui.rcp.main.service.crudcommands.*; ... '' : Method Invocation helper.execute
[the same message appears in all five cells of this row]
Table shows the number of identified risks and their severity.
See below for classification of probability and business
impact levels.
Asset
Scenario
Overall