
IS Risk Assessment

Scope / Client: Security Assessment

Date: 16 January 2016

Risk Assessment
Risk Acceptance Criteria
The following risk assessment was performed as detailed in
the approved risk assessment method and is in accordance
with international standard ISO / IEC 27005.
Risk acceptance criteria shown on the left are defined in the
risk assessment policy and approved by senior management.
Confidentiality: property that information is not made available or disclosed to unauthorized individuals, entities, or processes
Integrity: property of protecting the accuracy and completeness of assets
Availability: property of information being accessible and usable upon demand by an authorized entity
(ISO/IEC 27000:2009)

Category | Tolerable risk level

Risk Classification
RED: The risk exceeds the risk acceptance criteria and must be addressed according to the risk assessment policy.
YELLOW: The risk falls just under the risk acceptance criteria. It may need to be addressed according to the risk assessment policy.
GREEN: The risk falls within risk acceptance criteria.

Client: Security Assessment
Date printed: 16 Jan. 2016 19:01 (refer to the electronic document for the current release)
Page 1 / 10
(c) 2011 SerNet - all rights reserved
Confidential


Identified Risks

Remaining Risks with implemented Controls



Assets with High Risks (without Controls)

Asset | Risk

Assets with High Risks (with implemented Controls)

Asset | Risk


High Risk Areas without Controls



High Risk Areas with implemented Controls



Risk Matrix: Confidentiality (without Controls)

Number of identified Risks (Total Count)

Impact: 0, 1, 2, 3
Probability: 0

Every cell of this matrix shows the same report engine error instead of a count:

Exception while executing query: Sourced file: inline evaluation of: ``import sernet.hui.common.*; import sernet.gs.ui.rcp.main.service.crudcommands.*; ... '' : Method Invocation helper.execute

Table shows the number of identified risks and their severity. See below for classification of probability and business impact levels.

Risk Matrix: Integrity (without Controls)

Number of identified Risks
Impact
Probability: 0
Total Count
2

Every cell of this matrix shows the same report engine error instead of a count:

Exception while executing query: Sourced file: inline evaluation of: ``import sernet.hui.common.*; import sernet.gs.ui.rcp.main.service.crudcommands.*; ... '' : Method Invocation helper.execute

Table shows the number of identified risks and their severity. See below for classification of probability and business impact levels.



Risk Matrix: Availability (without Controls)

Number of identified Risks (Total Count)

Impact: 0, 1, 2, 3, 4
Probability: 0

Every cell of this matrix shows the same report engine error instead of a count:

Exception while executing query: Sourced file: inline evaluation of: ``import sernet.hui.common.*; import sernet.gs.ui.rcp.main.service.crudcommands.*; ... '' : Method Invocation helper.execute

Table shows the number of identified risks and their severity. See below for classification of probability and business impact levels.



Business Impact and Risk Classification


Business Impact Classification
Confidentiality
Integrity
Availability
Threat Classification
Vulnerability Classification



Remaining High Risks (with implemented Controls)

Process | Asset | Scenario | Overall


Detailed Risk Assessment (without Controls)

