The Risk Assessment evaluates the system's use of resources and controls (either implemented or planned) to eliminate or manage vulnerabilities that are exploitable by threats to the organization. It also identifies the following:
Risks associated with the system operational configuration
System’s safeguards, threats, and vulnerabilities
New threats and risks that might exist and, therefore, will need to be addressed after the current system is replaced
Conformance with operational Security Policy
The risk assessment is a determination of vulnerabilities that, if exploited, could result in the following:
Unauthorized disclosure of sensitive information
Unauthorized modification of the system or its data
Denial of system service or access to data to authorized users
The following is a sample layout of the recommended table of contents for a risk assessment. The Core Team–appointed Risk Officer is responsible for completing this document.
1.0 Background
2.0 Purpose
3.0 Scope
4.0 Assumptions
5.0 Description of System
    5.1 System Attributes
    5.2 System Sensitivity
6.0 System Security
    6.1 Administrative Security
    6.2 Physical Security
    6.3 Technical Security
    6.4 Software Security
    6.5 Telecommunication Security
    6.6 Personnel Security
7.0 System Vulnerabilities
    7.1 Technical Vulnerability
    7.2 Personnel Vulnerability
    7.3 Telecommunication Vulnerability
    7.4 Software Vulnerability
    7.5 Environmental Vulnerability
    7.6 Physical Vulnerability
8.0 Glossary of Terms
9.0 Acronyms
Appendix A: Information Flow Diagram
Appendix B: Hardware Configuration