INFORMATION SECURITY RISK ASSESSMENT
Distribution of Risk Levels (chart): High 1, Medium 6, Low 3
Legend:
Risk Level | Range of Score
Low | 1-10
Medium | 11-20
High | 21-25
Risk ID | Risk Description | Likelihood (1-5) | Impact (1-5) | Risk Score (L x I) | Risk Level | Mitigation Strategy | Current Status
ISRA-001 | Unauthorized access to sensitive data | 5 | 5 | 25 | High | Implement role-based access controls, encryption | No breaches reported in past year
ISRA-002 | Phishing attacks targeting employees | 5 | 4 | 20 | Medium | Conduct regular security awareness training | No major incidents in past 6 months
ISRA-003 | Insider threats (malicious or accidental) | 3 | 5 | 15 | Medium | Implement employee monitoring, access restriction policies | No incidents reported in past year
ISRA-004 | Vulnerabilities in software and systems | 4 | 3 | 12 | Medium | Regularly update software, perform vulnerability scans | Patch management process in place
ISRA-005 | Data loss due to hardware failure or corruption | 5 | 3 | 15 | Medium | Implement regular backups, redundant storage | Backup system tested regularly
ISRA-006 | Distributed Denial of Service (DDoS) attacks | 3 | 2 | 6 | Low | Implement DDoS protection services | No DDoS attacks reported recently
ISRA-007 | Data breaches during transmission over networks | 3 | 5 | 15 | Medium | Use encryption for data in transit | No data breaches reported recently
ISRA-008 | Lack of physical security for IT infrastructure | 2 | 3 | 6 | Low | Implement access controls, CCTV monitoring | Regular security audits conducted
ISRA-009 | Social engineering attacks | 5 | 2 | 10 | Low | Enhance employee training, implement strict verification | No major incidents reported recently
ISRA-010 | Third-party security risks (vendors, suppliers) | 4 | 3 | 12 | Medium | Perform third-party security assessments, contract review | Ongoing monitoring of third parties

© TEMPLATE.NET