IsmRiskManagementResults Security Assessment 2016-01-16
Upload: bob-mulumba
8/15/2019 IsmRiskManagementResults Security Assessment 2016-01-16
IS Risk Assessment
Client: Security Assessment
Date printed: 16 Jan. 2016 19:01 (refer to the electronic document for the current release)
© 2011 SerNet - all rights reserved
Scope / Client: Security Assessment
Date: 16 January 2016
Risk Assessment
Risk Acceptance Criteria
Category Tolerable risk level
The following risk assessment was performed as detailed in the approved risk assessment method and is in accordance with international standard ISO / IEC 27005. Risk acceptance criteria shown on the left are defined in the risk assessment policy and approved by senior management.
Confidentiality: property that information is not made available or disclosed to unauthorized individuals, entities, or processes
Integrity: property of protecting the accuracy and completeness of assets
Availability: property of information being accessible and usable upon demand by an authorized entity
(ISO/IEC 27000:2009)
Risk Classification
RED: The risk exceeds the risk acceptance criteria and must be addressed according to the risk assessment policy.
YELLOW: The risk falls just under the risk acceptance criteria. It may need to be addressed according to the risk assessment policy.
GREEN: The risk falls within risk acceptance criteria.
Identified Risks
Remaining Risks with implemented Controls
Assets with High Risks (without Controls)
Asset Risk
Assets with High Risks (with implemented Controls)
Asset Risk
High Risk Areas without Controls
High Risk Areas with implemented Controls
Risk Matrix: Confidentiality (without Controls)
Number of identified Risks
Impact: 0 1 2 3
Probability: 0
[Row 0: each of the four cells contains the same error text in place of a count, truncated in the source:]
Exception while executing query: Sourced file: inline evaluation of: ``import sernet.hui import sernet.gs. '' : Method Invocation helper.exe
Table shows the number of identified risks and their severity. See below for classification of probability and business impact levels.
Total Count
Risk Matrix: Integrity (without Controls)
Number of identified Risks
Impact: 0 1 2
Probability: 0
[Row 0: each of the three cells contains the same error text in place of a count, truncated in the source:]
Exception while executing query: Sourced file: inline evaluation of: ``import sernet.hui.co import sernet.gs.ui. '' : Method Invocation helper.execu
Table shows the number of identified risks and their severity. See below for classification of probability and business impact levels.
Total Count
Risk Matrix: Availability (without Controls)
Number of identified Risks
Impact: 0 1 2 3 4
Probability: 0
[Row 0: each of the five cells contains the same error text in place of a count, truncated in the source:]
Exception while executing query: Sourced file: inline evaluation of: ``import sernet.h import sernet.g '' : Method Invocation helper.e
Table shows the number of identified risks and their severity. See below for classification of probability and business impact levels.
Total Count
Business Impact and Risk Classification
Business Impact Classification
Confidentiality Integrity Availability
Threat Classification
Vulnerability Classification
Remaining High Risks (with implemented Controls)
Process Asset Scenario C I A Overall
Detailed Risk Assessment (without Controls)