Version 1.0
Client Name
Document Description: This report identifies risks through the process of risk assessment and defines the controls required to modify or reduce them.
Document Prepared By: Initial preparation by Innovative Solutions (Consultant) and maintained by Information Security Unit (ISU)
MOHE-RPT-505 Confidential
Purpose of Risk Management
Constraints
Information Security Risk Management
IDENTIFY | Risk Analysis | Risk TREATMENT / ACTION PLAN | ONGOING REVIEWS
# | Asset | Asset Value | Threat | Threat Actor (Source of the Risk) | Vulnerability(s) | Existing Controls | Risk Assessment of Existing Controls | Impact | Likelihood | Risk Priority | Risk Owner (Department) | Risk Owner (Designation) | Suggested Control | Control Ref. | Action Type | Responsibility | By When | Status | Last Reviewed Date | Consequence | Likelihood | Residual Risk Priority | Review Frequency | Next Review Date | Remarks/Action | Responsibility
Summary of Risks
Total Risks | High Risks | Medium Risks | Low Risks
22 | 7 | 11 | 4
Guidelines for Likelihood Ratings
• Where possible, the likelihood of occurrence of risk should be assessed on a quantifiable basis with 5 being very high probability and 1 being very low
• If the risk cannot be quantified, an estimation should be made based on management’s assessment and knowledge of IPA operations
Likelihood of Occurrence
Rating | Probability | Threat Capability / motivation / perception of attractiveness
Extreme financial loss with very high operating costs
Major financial loss and increase in operating cost
SAFETY
Significant multiple financial loss and increase in operating cost
One time financial loss is low with little increase in operating cost
Insignificant disclosure
Insignificant loss
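Risk matrix: likelihood rating (rows) by consequence rating (columns)
2 | 2 | 4 | 6 | 8 | 10
1 | 1 | 2 | 3 | 4 | 5
Consequence | 1 | 2 | 3 | 4 | 5
Risk score ranges: 8 - 14; 1-7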
HIGH RISK
MEDIUM RISK
LOW RISK