
1 IS Risk Management Report (Template)
QCERT

2 Table of Contents
Objective
ISRM Methodology
ISRM Scope
Top 10 IS Risks
Initial & Final Residual Risks
Risk Treatment Options
Key IS Risks
List of IS Risks: Retained, Avoided, Modified, Shared
2/24/2019

3 Objective
The primary objective of the Information Security Risk Management (ISRM) program is to identify, assess, treat, communicate / report and monitor information security risks. This report is intended to provide <Organization Name> management with a high-level summary of the scope and approach of the ISRM program, the key risks identified and their business implications, and the steps required to address those risks.

4 ISRM Methodology
The illustrative ISRM process consists of the following phases (the slide shows them as a cycle, supported by an IS risk governance layer):

Illustrative IS Risk Governance (supports all phases):
Scope and Boundary; Policy & Procedure; Steering / Governance Committee; Roles and Responsibilities; ISRM Criteria(s); Perform BIA

1. Risk Identification:
Identify Information Assets, Vulnerabilities, Threats, Controls, Inherent Risks

2. Risk Assessment:
Assess Information Asset Value & Classification, Vulnerability Factor, Threat Likelihood, Controls Effectiveness, Cost of Control; derive the Initial Residual Risk

3. Risk Treatment:
Select Treatment Option (Modify, Share, Avoid, Retain); Treat Risks; derive the Final Residual Risk

4. Risk Communication:
Develop Final ISRM Report; Communicate Residual Risks to Management; Obtain Management Approval; Conduct awareness sessions

5. Risk Monitoring:
Monitor Risk Treatment, Residual Risk, New Risks; Identify change
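The following is an added worked example, not part of the QCERT template, that walks a small risk register through the Risk Assessment and Risk Treatment phases above and produces the rows the later report slides ask for (top risks, key-risk table, and the Retained / Avoided / Modified / Shared lists). The template prescribes no scoring formula; the product-of-factors score, the 0..125 rating bands, the `added_effectiveness` and `shared_fraction` parameters, and the sample risks are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Treatment(Enum):
    """The four treatment options named in the ISRM methodology."""
    RETAIN = "Retain"
    AVOID = "Avoid"
    MODIFY = "Modify"
    SHARE = "Share"


@dataclass
class Risk:
    ref: str                      # "Risk Reference #" in the report tables
    description: str
    owner: str                    # "Risk Owner"
    asset_value: int              # 1..5, from asset value & classification
    threat_likelihood: int        # 1..5
    vulnerability_factor: int     # 1..5
    control_effectiveness: float  # 0.0..1.0, effectiveness of existing controls
    treatment: Treatment = Treatment.RETAIN
    added_effectiveness: float = 0.0   # assumed: gain from a Modify treatment
    shared_fraction: float = 0.0       # assumed: share of risk transferred by Share
    management_approval: bool = False  # "Management Approval (Yes / No)"

    def inherent_risk(self) -> int:
        # Assumed scoring: product of the three 1..5 factors, range 1..125.
        return self.asset_value * self.threat_likelihood * self.vulnerability_factor

    def initial_residual(self) -> float:
        # Initial residual risk: inherent risk not mitigated by existing controls.
        return self.inherent_risk() * (1.0 - self.control_effectiveness)

    def final_residual(self) -> float:
        # Final residual risk after the selected treatment option is applied.
        if self.treatment is Treatment.AVOID:
            return 0.0  # the risky activity is discontinued
        if self.treatment is Treatment.MODIFY:
            eff = min(1.0, self.control_effectiveness + self.added_effectiveness)
            return self.inherent_risk() * (1.0 - eff)
        if self.treatment is Treatment.SHARE:
            return self.initial_residual() * (1.0 - self.shared_fraction)
        return self.initial_residual()  # RETAIN: accepted as-is


def rating(score: float) -> str:
    """Assumed rating bands on the 0..125 scale used for the report tables."""
    if score >= 60:
        return "High"
    if score >= 25:
        return "Medium"
    return "Low"


def top_risks(register, n=10):
    """Slide 'Top 10 IS Risks': highest initial residual risk first."""
    return sorted(register, key=lambda r: r.initial_residual(), reverse=True)[:n]


def key_risk_rows(register, n=10):
    """Rows for the 'Key Information Security Risks' table."""
    return [
        (r.ref, r.description, rating(r.initial_residual()),
         rating(r.final_residual()), r.treatment.value, r.owner)
        for r in top_risks(register, n)
    ]


def by_treatment(register):
    """Groups for the Retained / Avoided / Modified / Shared list slides."""
    groups = {t: [] for t in Treatment}
    for r in register:
        groups[r.treatment].append(r)
    return groups


def pending_approval(register):
    """Risks still awaiting management approval (Risk Communication phase)."""
    return [r for r in register if not r.management_approval]


# Constructed sample register (illustrative values only).
SAMPLE_REGISTER = [
    Risk("R-001", "Unpatched internet-facing web server", "IT Ops",
         5, 4, 5, 0.2, Treatment.MODIFY, added_effectiveness=0.6),
    Risk("R-002", "Loss of laptops holding unencrypted data", "HR",
         4, 3, 4, 0.4, Treatment.SHARE, shared_fraction=0.5),
    Risk("R-003", "Legacy FTP service for partner file exchange", "Applications",
         3, 4, 4, 0.1, Treatment.AVOID),
    Risk("R-004", "Shared printer exposing job logs", "Facilities",
         1, 2, 3, 0.5, Treatment.RETAIN, management_approval=True),
]

if __name__ == "__main__":
    for row in key_risk_rows(SAMPLE_REGISTER):
        print(row)
    for option, risks in by_treatment(SAMPLE_REGISTER).items():
        print(option.value, [r.ref for r in risks])
```

The rows printed by `key_risk_rows` map one-to-one onto the columns of the key-risk table later in the template (reference, description, initial and final residual rating, treatment option, owner), and `by_treatment` yields the four per-option lists that management is asked to approve.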

5 ISRM Scope
<The scope applies to all the information assets, technology infrastructure, information security practices and human resources involved in managing and supporting the IS environment>

6 Top 10 Information Security Risks
[Illustrative chart]

7 Initial & Final Residual Risks
[Illustrative chart]

8 Risk Treatment Options
[Illustrative chart]

9 Key Information Security Risks
<Provide a brief description of the top 10 IS risks; it shall include risk description, initial and final residual risk rating, risk treatment option selected and risk owner>

Table, one row per <Information Security Risk>, Risk Reference #:
<Risk Description> | Initial Residual Risk | Final Residual Risk | Risk Treatment Option | Risk Owner

10 List of IS Risks - Retained
<Provide a brief description of the list of risks to be retained, avoided, modified and shared for management review and approval>
Table columns: S. No | Risk Description | Risk Reference # | Final Residual Risk | Management Approval (Yes / No)

11 List of IS Risks - Avoided
<Provide a brief description of the list of risks to be retained, avoided, modified and shared for management review and approval>
Table columns: S. No | Risk Description | Risk Reference # | Final Residual Risk | Management Approval (Yes / No)

12 List of IS Risks - Modified
<Provide a brief description of the list of risks to be retained, avoided, modified and shared for management review and approval>
Table columns: S. No | Risk Description | Risk Reference # | Final Residual Risk | Management Approval (Yes / No)

13 List of IS Risks - Shared
<Provide a brief description of the list of risks to be retained, avoided, modified and shared for management review and approval>
Table columns: S. No | Risk Description | Risk Reference # | Final Residual Risk | Management Approval (Yes / No)

14 For more information, visit www.motc.gov.qa

