Risk Assessment Report
1. INTRODUCTION
· What you will do in this report
· Risk management and risk assessment standards
· Talk more about ISO standards why they are suitable for this case (advantages).
2. System parameters, table.
|
STAFF PC |
Windows 7, 8, etc. |
|
|
|
|
|
Servers |
Linux (Ubuntu, etc.) Windows |
|
|
|
|
|
|
|
|
|
|
|
3. Risk assessment process
a. Asset classification (primary and supporting) + Asset ID
b. In-scope/out-of-scope.
c. Define/Identify the Threat sources + Threat source IDs. (intentional/unintentional/natural)
d. Attractiveness for the threat sources (qualitative, L, M, H,)
e. Vulnerability identification. NVD database (which includes the level of vulnerability, qualitative, L, M, H)
f. Calculate risk (based on the formula, Likelihood x Impact = Risk)
i. Calculate Likelihood = Threat attractiveness x Vulnerability
ii. Define the impact levels (qualitative, L, M, H) -> explain the meaning of each level in this context/scenario.
4. Non-technical/Executive summary
· Main findings
· Risk treatment recommendation (pick some options from the 5)
References