Risk Assessment Report

profileRockStar4us
SuggestedReportstructure1.docx

1. INTRODUCTION

· What you will do in this report

· Risk management and risk assessment standards

· Talk more about ISO standards why they are suitable for this case (advantages).

2. System parameters, table.

STAFF PC

Windows 7, 8, etc.

Servers

Linux (Ubuntu, etc.)

Windows

3. Risk assessment process

a. Asset classification (primary and supporting) + Asset ID

b. In-scope/out-of-scope.

c. Define/Identify the Threat sources + Threat source IDs. (intentional/unintentional/natural)

d. Attractiveness for the threat sources (qualitative, L, M, H,)

e. Vulnerability identification. NVD database (which includes the level of vulnerability, qualitative, L, M, H)

f. Calculate risk (based on the formula, Likelihood x Impact = Risk)

i. Calculate Likelihood = Threat attractiveness x Vulnerability

ii. Define the impact levels (qualitative, L, M, H) -> explain the meaning of each level in this context/scenario.

4. Non-technical/Executive summary

· Main findings

· Risk treatment recommendation (pick some options from the 5)

References