
[organization name] [confidentiality level]

Risk Assessment Table implemented from [date] to [date]

** FREE PREVIEW VERSION **

No. ... Asset owner ... Vulnerability ... Consequence ... Risk ...

Risk Assessment Table ver [version] from [date] Page 1 of 32


©2015 This template may be used by clients of EPPS Services Ltd. www.iso27001standard.com in accordance with the License Agreement.


Categories of assets

The following are examples of information assets which may be found in the organization.
This list is not final. Each organization must specify its own assets which are significant for information security.

People
top management (members of the management board, members of the supervisory board, business unit managers)
...
...
...
...
external people who visit the organization

Applications and databases


application software (licensed)
...
...
various tools
databases

Documentation (in paper or electronic form)


contracts
correspondence with clients and partners
...
...
...
standards
receipts
...
...
...
decisions
reports
plans
...
...

IT, communication and other equipment


desktop computers
laptops
...
...
...
air-conditioning
network equipment
...
...
...
telephone exchange systems
mobile phones
PDA devices
...
...
...
...
mobile storage media
measuring equipment
fax machines
alarms
...
...
...
...

Infrastructure
offices
...
...
...
cabinets

Outsourced services
electrical power supply
...
...
information systems maintenance
mail and courier services
...
...
supervisory institutions


Catalogue of threats

The following is a list of threats. This list is not final. Each organization may add situation-specific threats.

accidental change of information system data


...
...
...
breach of contractual relations
breach of legislation
breakdown of communication links
concealing user identity
...
...
destruction of records
...
...
eavesdropping
embezzlement
...
...
fire
flood
fraud
industrial espionage
information interception
...
...
loss of support services
maintenance errors
malicious code
...
...
other disasters (man-made)
other disasters (natural)
...
...
strike
lightning strike
terrorist attacks
theft
unauthorized access to the information system
unauthorized change of records
...
...
...
unauthorized use of licensed materials
unauthorized use of software
use of unauthorized or untested code
...
...
Catalogue of vulnerabilities

The following is a list of vulnerabilities. This list is not final. Each organization may add situation-specific vulnerabilities.

active sessions after working hours


cable placing
complicated user interface
...
...
extensive powers
inadequate capacity management
inadequate change control
inadequate level of knowledge and/or awareness of employees
inadequate maintenance
...
...
inadequate supervision of external suppliers
inadequate supervision of the work of employees
inadequate user rights
...
...
lack of input and output data control
lack of or poor internal audit implementation
...
...
...
mobile equipment subject to theft
networks accessible to unauthorized persons
no deactivation of user accounts after termination of employment
...
...
over-dependence on one device/system
poor selection of test data
sensitivity of equipment to humidity and pollution
...
...
...
system-generated user accounts and passwords remain unchanged
systems unprotected from unauthorized access
unauthorized access to facilities allowed
...
...
...
unclearly defined requirements for software development
unclearly defined rules for access control
unclearly defined rules for working off-premises
...
...
uncontrolled use of information systems
undocumented software
...
...
use of old equipment
weak passwords
** END OF FREE PREVIEW **

To download the full version of this document, click here: http://www.iso27001standard.com/documentation/risk-assessment-table/
