RISK ASSESSMENT REPORT TEMPLATE - ODU - Old 风险评估报告模板ODU岁.doc

Old Dominion UniversityInformation Technology Risk Assessment For  Risk Assessment Annual Document Review History The Risk Assessment is reviewed, at least annually, and the date and reviewer recorded on the table below. Review Date\Comments Reviewer Table of Contents 1 INTRODUCTION 1 2 IT SYSTEM CHARACTERIZATION 2 3 RISK IDENTIFICATION 6 4 CONTROL ANALYSIS 8 5 RISK LIKELIHOOD DETERMINATION 11 6 IMPACT ANALYSIS 13 7 RISK DETERMINATION 15 8 RECOMMENDATIONS 17 9 RESULTS DOCUMENTATION 18 List of Exhibits Exhibit 1: Risk Assessment Matrix 18 List of Figures Figure 1 – IT System Boundary Diagram 4 Figure 2 – Information Flow Diagram 5 List of Tables Table A: Risk Classifications 1 Table B: IT System Inventory and Definition 2 Table D: Vulnerabilities, Threats, and Risks 5 Table E: Security Controls 6 Table F: Risks-Controls-Factors Correlation 8 Table G: Risk Likelihood Definitions 9 Table H: Risk Likelihood Ratings 9 Table I: Risk Impact Rating Definitions 13 Table J: Risk Impact Analysis 13 Table K: Overall Risk Rating Matrix 15 Table L: Overall Risk Ratings Table 15 Table M: Recommendations 17 1 INTRODUCTION Participants: Risk assessment participants, their IT roles (System Owner, Data Owner, etc.), roles in their department and any specific role taken in the System Risk Assessment. Assessment Techniques: The techniques used to gather the necessary information (the use of tools, use of questionnaires, vendor input, area expertise input, system component documentation). Table A: Risk Classifications Risk Level Risk Description Necessary Actions High The loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets or individuals. Moderate The loss of confidentiality, integrity, or availability could be expected to have a serious adverse effect on organizational operations, organizational assets or individuals. Low The los