Download - It Risk Assesment Template
8/10/2019 It Risk Assesment Template
1/24
SORTED RISK ASSESSMENT MATRIX Worksheet
AUDITOR: AUDIT: DATA CENTER
DATE:
THREATS RANK 1 2 +
RANK COMPONENTS
1
2 HARDWARE HIGHEST RISK /
SOFTWARE In the left
AUDIT:
RISK IDENTIFICATION
FIRE INTRUDERS HACKERS% 3 @ 10 11
in Cells C%..%*.
highest number)
nd next
Risks  Source / Cause  Effects
Integrity  Data corruption
Definition:
Relevance  No effective communication
Data corruption, Errors, Omissions
This risk encompasses all of the risks associated with the authorization, completeness, and accuracy of transactions as they are entered into, processed by, summarized by and reported on by the various application systems deployed by an organization. These risks pervasively apply to each and every aspect of an application system used to support a business process.
Integrity can be lost from: programming errors, processing (maintenance) errors, management errors
Not getting the right data/information to the right person/process/system at the right time to allow the right action to be taken
Definition: the usability and timeliness of information that is either created or summarized by an application system. It is the risk associated with not getting the right data/information to the right person/process/system at the right time to allow the right action to be taken.
Access
Definition:
Availability
Inappropriate security access set
Infrastructure
Definition:
Lack or weak organization planning
Disorganized and dysfunctional IT decisions. Lack of proactive security policies and procedures, or inconsistent ones among IS and divisions.
the organization does not have an effective information technology infrastructure (hardware, networks, software, people and processes) to effectively support the current and future needs of the business in an efficient, cost
Domain  Policies
User Interface  Proper segregation of duties
Processing
Interface
Data
The adequacy of preventive and/or detective controls that ensure that only valid data can be entered into a system and that the data is complete
Balancing and reconciliation controls to ensure that data processing has been complete and timely
To ensure that data that has been processed and/or summarized is adequately and completely transmitted to and processed by another application system that it feeds data/information to.
Adequate data management controls including both the security/integrity of processed data and the effective management of databases and data structures.
Data, Applications, Report
Business Process
Application
Network
Physical
How to separate incompatible duties within an organization and how to provide the correct level of empowerment to perform a function.
Define the internal application security mechanisms that provide users with the specific functions necessary for them to perform their jobs.
Data & Data Management
Policies on security related to users' access to specific data or databases within the environment.
Processing Environment
Secure the host computer system where application systems and related data are stored and processed from.
Secure the mechanism used to connect users with a processing environment.
Policies and procedures related to physical security of physical IS devices.
Critical IS system, applications and data.
Risks that can be avoided by monitoring performance proactively by addressing systems issues before a problem occurs
Backups and contingency planning policies and procedures where restore/recovery techniques can be used to minimize the extent of a disruption.
IS department mission and organization
Define how IT will impact the business and how IT is articulated. It is important to have adequate executive level support and buy
User Interface  Processing  Error Processing  Interface
COMPONENT
Rank
0
Total Integrity Risk
whether there are adequate restrictions over which individuals in an organization are authorized to perform business/system functions based on their job need and the need to enforce a reasonable segregation of duties. Other risks in this area relate to the adequacy of preventive and/or detective controls that ensure that only valid data can be entered into a system and that the data is complete.
whether there are adequate preventive or detective balancing and reconciliation controls to ensure that data processing has been complete and timely. This risk area also encompasses risks associated with the accuracy and integrity of reports (whether or not they are printed) used to summarize results and/or make business decisions.
whether there are adequate processes and other system methods to ensure that any data entry/processing exceptions that are captured are adequately corrected and reprocessed accurately, completely and on a timely basis
whether there are adequate preventive or detective controls to ensure that data that has been processed and/or summarized is adequately and completely transmitted to and processed by another application system that it feeds data/information to
Data
These risks are associated with adequate data management controls including both the security/integrity of processed data and the effective management of databases and data structures. Integrity can be lost because of programming errors (e.g., good data processed by incorrect programs), processing errors (e.g., transactions are incorrectly processed more than once against the same master file), management/process errors (e.g., poor management of the systems maintenance process).
THREATS  Total Relevance Risk
COMPONENTS  Rank
Rank
the usability and timeliness of information that is either created or summarized by an application system. It is the risk associated with not getting the right data/information to the right person/process/system at the right time to allow the right action to be taken.
THREATS  Application  Net
THREATS  Total Availability Risk
Rank
Rank
0
Risks that can be avoided by monitoring performance
Risks associated with disruptions to systems
COMPONENTS
and proactively addressing systems issues before a problem occurs
where restore/recovery techniques can be used to minimize the extent of a disruption
THREATS
Rank
0
Total Infrastructure Risk
Organization Planning
Application system definition and deployment
Logical security and security administration
COMPONENTS
that the definition of how IT will impact the business are clearly defined and articulated. It is important to have adequate executive level support and buy