Risk Assessment Report On The Asset Under The Company's Information Asset Or Data Classification Policy

Length: 2695 words (7.7 double-spaced pages)

During the system characterization step, the system under review is comprehensively understood and the underlying technology base for the risk assessment is identified. This step will define the organization’s systems and identify the system boundaries, elements, users, and network infrastructure, if applicable. This step will also assess the value of the asset and classify the asset under the company’s information asset or data classification policy.
The risk assessment report will normally include the following:
• Purpose of the risk assessment: what are the predefined objectives that this risk assessment is supposed to achieve?
• Description of the technology base of the system or what the system is composed of: depending on the depth of the risk assessment, this can be a single component or a list of components that make up the system to include hardware, software, and other assets such as personnel.
• System boundaries may include routers, firewalls, switches, or other types of physical or network access control devices. System boundaries are where systems or components of that system integrate or “touch” each other. The point at which they “touch” is considered the boundary point. Boundary points are usually seen at the network devices such as firewalls or routers, but they can also be at the software level, where one software application integrates with another software application.
• Inventory sheets of the systems included in the assessment include all of the actual devices, computers, hardware, software, etc. that make up the system under review. The inventory sheet should also include a classification of the component based on the organization’s data classification scheme.
• The list of users and their roles within the sy...


... middle of paper ...


...ider it 100% because some form of risk is always inherent to technology. For instance, the battery backup may not always work, or may not be configured properly, to keep the computer running when there is a sudden loss of power. Thus, the PRR would then be calculated to be fairly low, at around 25%. Table 3.4 shows an example of a possible rating scale and definition for the PRR.


3.1.8 Step 8—Recommendations
Recommendations should be made for any vulnerability that is considered to be medium or high risk and that requires further mitigation efforts to get down to an acceptable level. Recommendations should come from industry best practices, from technical experts providing the assessment, or from multiple respected and reliable sources. Recommendations should be fully researched and documented prior to being made and should address the appropriate weaknesses identified.
