Scribd Logo
Upload

Welcome to Scribd!

  • Security Thread and Vulnerability Assessment Form

    Uploaded by

    Amril Al Riza
    5 views5 pages
    The document is a security threat and vulnerability assessment form that contains a vulnerability level and assessment criteria matrix. It defines four levels of vulnerability - extreme, high, moderate, and low. For each identified security threat, the form assesses the vulnerability level and lists existing countermeasures. Fifteen common security threats are identified and analyzed using this framework.

    Original Description:

    Original Title

    Untitled

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document is a security threat and vulnerability assessment form that contains a vulnerability level and assessment criteria matrix. It defines four levels of vulnerability - extreme, high, moderate, and low. For each identified security threat, the form assesses the vulnerability level and lists existing countermeasures. Fifteen common security threats are identified and analyzed using this framework.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    5 views5 pages

    Security Thread and Vulnerability Assessment Form

    Uploaded by

    Amril Al Riza
    The document is a security threat and vulnerability assessment form that contains a vulnerability level and assessment criteria matrix. It defines four levels of vulnerability - extreme, high, moderate, and low. For each identified security threat, the form assesses the vulnerability level and lists existing countermeasures. Fifteen common security threats are identified and analyzed using this framework.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    Security Thread and Vulnerability Assessment Form

    Vulnerability Level and Assessment Criteria Matrix

    Vulnerability Level Assessment Criteria

     Controls are non-existent, critical and urgent


    improvements have been identified.
    Extreme  It is almost certain that controls will be breached or fail.
    Vulnerability  There is recent evidence of widespread control
    failures.
     There are no contingencies in place; severe
    disruptions to the business are likely.
     Controls are largely ineffective, significant areas for
    improvement are identified.
     There is an increasingly likely probability of the
    High controls being breached.
    Vulnerability  There is recent evidence of significant numbers of
    controls being breached.
     Few contingencies are in place and significant
    disruptions to the business are expected.
     The majority of controls are functioning, but a number
    of areas for improvements are identified.
    Moderate  There is a moderate probability of the controls being
    Vulnerability breached.
     There is recent evidence of a small number of controls
    being breached.
     Contingencies are in place for only a few key areas of
    the business to manage potential disruptions.
     Controls are effective, but small improvements could
    be made.
     There is a low probability of the controls being
    Low breached in the future.
    Vulnerability  There are no recent examples of controls being
    breached.
     Adequacy of the controls is assessed on a regular
    (minimum annual) basis.
     Contingencies are in place for key areas of the
    business to manage potential disruptions to the
    business

    Form 19-1
    Revision: 000
    Date: 12 Nov 2020
    Security Thread and Vulnerability Assessment Form

    No Threat Vulnerability Level Countermeasures (in place)

    Access Control – Unauthorized Attempted Moderate 1. Restrict access to all employee data so that it cannot be
    Entry Vulnerability used by other parties.
    1
    2. Using Asset, no to control company data and only the
    owner can access
    Access Control – Unauthorized Actual Moderate 1. Restrict access to all employee data so that it cannot be
    Entry Vulnerability used by other parties.
    2
    2. Using Asset, no to control company data and only the
    owner can access
    Access Control – Badge stolen / missing Moderate 1. Restrict access to all employee data so that it cannot be
    Vulnerability used by other parties.
    3
    2. Using Asset, no to control company data and only the
    owner can access
    Access Control – Loan of identification data Moderate 1. Restrict access to all employee data so that it cannot be
    Vulnerability used by other parties.
    4
    2. Using Asset, no to control company data and only the
    owner can access
    Access Control – Disclosure of access Moderate 1. Restrict access to all employee data so that it cannot be
    codes Vulnerability used by other parties.
    5
    2. Using Asset, no to control company data and only the
    owner can access
    Alarms – Security Low Monitor key business areas to manage potential future
    6 business and workforce disruptions.
    Vulnerability
    Alarms – Fire Low Monitor key business areas to manage potential future
    7 business and workforce disruptions.
    Vulnerability
    Alarms – Environmental Low Monitor key business areas to manage potential future
    8 business and workforce disruptions.
    Vulnerability
    9 Alarms – Process Control Low Monitor key business areas to manage potential future

    Form 19-1
    Revision: 000
    Date: 12 Nov 2020
    Security Thread and Vulnerability Assessment Form

    Vulnerability business and workforce disruptions.


    Arson Moderate 1. Ensuring that all incoming personnel and guests are free
    Vulnerability from material that threatens the company's business.
    2. Providing a special gathering point in the event of a
    10
    hazardous event
    3. Setting up the security team for more detail in receiving
    guests during working hours
    Bombing – Explosion Moderate 1. Ensuring that all incoming personnel and guests are free
    Vulnerability from material that threatens the company's business.
    2. Providing a special gathering point in the event of a
    11
    hazardous event
    3. Setting up the security team for more detail in receiving
    guests during working hours
    Bombing – Incendiary Moderate 1. Ensuring that all incoming personnel and guests are free
    Vulnerability from material that threatens the company's business.
    2. Providing a special gathering point in the event of a
    12
    hazardous event
    3. Setting up the security team for more detail in receiving
    guests during working hours
    Bombing – Threat Moderate 1. Ensuring that all incoming personnel and guests are free
    Vulnerability from material that threatens the company's business.
    2. Providing a special gathering point in the event of a
    13
    hazardous event
    3. Setting up the security team for more detail in receiving
    guests during working hours
    Bombing – Intelligence / Information Low Monitor key business areas to manage potential future
    14 business and workforce disruptions.
    Vulnerability
    15 Burglary – Attempted Moderate 1. Ensuring that all incoming personnel and guests are
    Vulnerability free from material that threatens the company's
    business
    2. Providing a special gathering point in the event of a

    Form 19-1
    Revision: 000
    Date: 12 Nov 2020
    Security Thread and Vulnerability Assessment Form

    hazardous event
    3. Setting up the security team for more detail in
    receiving guests during working hours
    Burglary – Forced Entry Low Monitor key business areas to manage potential future
    16 business and workforce disruptions.
    Vulnerability
    Fire Access – Blocked Low Monitor key business areas to manage potential future
    17 business and workforce disruptions.
    Vulnerability
    Product Contamination Low Monitor key business areas to manage potential future
    18 business and workforce disruptions.
    Vulnerability
    Property Damage Low Monitor key business areas to manage potential future
    19 business and workforce disruptions.
    Vulnerability
    Robbery Low Monitor key business areas to manage potential future
    20 business and workforce disruptions.
    Vulnerability
    Sabotage – Product Tampering Low Monitor key business areas to manage potential future
    21 business and workforce disruptions.
    Vulnerability
    Sabotage – Site Facilities Low Monitor key business areas to manage potential future
    22 business and workforce disruptions.
    Vulnerability
    Sabotage – Suspected Low Monitor key business areas to manage potential future
    23 business and workforce disruptions.
    Vulnerability
    Theft – Auto Low Monitor key business areas to manage potential future
    24 business and workforce disruptions.
    Vulnerability
    Theft – From Auto Low Monitor key business areas to manage potential future
    25 business and workforce disruptions.
    Vulnerability
    Theft – Funds Low Monitor key business areas to manage potential future
    26 business and workforce disruptions.
    Vulnerability
    Theft – Product Low Monitor key business areas to manage potential future
    27 business and workforce disruptions.
    Vulnerability
    Theft – Diversion Low Monitor key business areas to manage potential future
    28 business and workforce disruptions.
    Vulnerability

    Form 19-1
    Revision: 000
    Date: 12 Nov 2020
    Security Thread and Vulnerability Assessment Form

    Theft – Misappropriation Low Monitor key business areas to manage potential future
    29 business and workforce disruptions.
    Vulnerability
    Theft – Raw materials Moderate 1. Checking Every Worker When it's time to go home.
    Vulnerability 2. Provision of CCTV in areas that are vulnerable to being
    30
    seen by the eye and difficult to monitor.
    3. Install government regulations for material theft sanctions.
    Theft – Precious Commodities Low Monitor key business areas to manage potential future
    31 business and workforce disruptions.
    Vulnerability
    Theft – Personal Items Low Monitor key business areas to manage potential future
    32 business and workforce disruptions.
    Vulnerability
    Vandalism – Malicious Mischief Low Monitor key business areas to manage potential future
    33 business and workforce disruptions.
    Vulnerability
    Vandalism - Vehicles Low Monitor key business areas to manage potential future
    34 business and workforce disruptions.
    Vulnerability

    Form 19-1
    Revision: 000
    Date: 12 Nov 2020

    You might also like