Overview
Complete
04 Jan 2019 / East Coast Data Center / Justine J.
IT Risk Assessment Template
Failed items
1
Created actions
0
Conducted on
4th Jan, 2019 1:26 PM +08

System Owner
East Coast Data Center
Prepared by
Justine J.
Failed items
1
Audit / Risk Assessment / Click Add Vulnerability (+) after you have identified a vulnerability or threat source / Vulnerability 2 / Risk rating
Risk rating
High
Audit
1
General
Describe the purpose of this IT security risk assessment
To assess current information security risks
Describe the scope of the risk assessment
East Coast facility
List all participants including role (e.g. system owner, system custodian, network manager etc.)
Head of IT, Facility Manager
Describe key technology components including commercial software
Desktops, Laptops, Server Room, proprietary software
Describe how users access the system and their intended use of the system
Staff access the system by logging in to their designated desktops; management have their designated laptops.
Risk Assessment
Risk Assessment / Click Add Vulnerability (+) after you have identified a vulnerability or threat source
Risk Assessment / Click Add Vulnerability (+) after you have identified a vulnerability or threat source / Vulnerability 1
Risk Assessment / Click Add Vulnerability (+) after you have identified a vulnerability or threat source / Vulnerability 1 / Threat Source & Vulnerability
Observation
Reception desktop left unlocked
Threat source/ vulnerability
Intentional Insider
Evidence (flow diagrams, screenshots etc.) (optional)
Photos
Existing controls
Guard near the door, CCTV
Risk Assessment / Click Add Vulnerability (+) after you have identified a vulnerability or threat source / Vulnerability 1 / Risk rating
Consequence
Medium
Likelihood
Unlikely
Risk rating
Medium
Risk Assessment / Click Add Vulnerability (+) after you have identified a vulnerability or threat source / Vulnerability 1 / Recommended Controls
Recommended controls or alternative options for reducing risk
Reinforce the importance of locking the PC when not in use. I will talk to Anne and remind her of our directive to improve our information security for ISO 27001 certification.
Risk Assessment / Click Add Vulnerability (+) after you have identified a vulnerability or threat source / Vulnerability 2
Risk Assessment / Click Add Vulnerability (+) after you have identified a vulnerability or threat source / Vulnerability 2 / Threat Source & Vulnerability
Observation
Laptop doesn't have a password set
Threat source/ vulnerability
Intentional Outsider
Evidence (flow diagrams, screenshots etc.) (optional)
Photos
Existing controls
This was a laptop issued last month and should already have had the default password set before it was handed to the new staff.
Risk Assessment / Click Add Vulnerability (+) after you have identified a vulnerability or threat source / Vulnerability 2 / Risk rating
1
Consequence
High
Likelihood
Likely
Risk rating
High
Risk Assessment / Click Add Vulnerability (+) after you have identified a vulnerability or threat source / Vulnerability 2 / Recommended Controls
Recommended controls or alternative options for reducing risk
Will meet with Dan H. who issued the new laptop and his supervisor Trevor N. Will advise about a possible warning.
Risk Assessment / Click Add Vulnerability (+) after you have identified a vulnerability or threat source / Vulnerability 3
Risk Assessment / Click Add Vulnerability (+) after you have identified a vulnerability or threat source / Vulnerability 3 / Threat Source & Vulnerability
Observation
East exit's newly installed glass door magnetic locks are malfunctioning
Threat source/ vulnerability
Intentional Outsider
Evidence (flow diagrams, screenshots etc.) (optional)
Photos
Existing controls
Guard by the door and CCTV
Risk Assessment / Click Add Vulnerability (+) after you have identified a vulnerability or threat source / Vulnerability 3 / Risk rating
Consequence
High
Likelihood
Unlikely
Risk rating
Medium
Risk Assessment / Click Add Vulnerability (+) after you have identified a vulnerability or threat source / Vulnerability 3 / Recommended Controls
Recommended controls or alternative options for reducing risk
Facilities need to fix the magnetic lock. Exit will be guarded 24/7 but we will not allow access to this door until this is fixed.
Completion
Recommendations
The majority of staff are still on holiday vacation, but we found plenty of security risks today. Will conduct a meeting when everybody's back next week to reinforce the directive to get our ISO 27001 certification.
Signature
Justine J.
4th Jan, 2019 2:26 PM +08