Risk-Threat Assessment 1
Table of Contents
DOCUMENT PURPOSE AND MISSION.................................................................................................2
1
INFO8930
,Risk-Threat Assessment 2
ROLES AND RESPONSIBILITIES......................................................................................................... 3
PROGRAM SCOPE AND BOUNDARIES...............................................................................................4
CRITERIA............................................................................................................................................... 5
STEPS.................................................................................................................................................... 5
1. SETUP.................................................................................................................................................6
2. DATA ELEMENT INVENTORY..................................................................................................................7
3. THREAT SEVERITY................................................................................................................................8
Frequency & Impact Definitions......................................................................................................................... 8
Frequency & Impact Weightings...................................................................................................................... 11
Risk Tolerance Level....................................................................................................................................... 12
Threat Severity Analysis.................................................................................................................................. 12
4. RISK RESPONSE.................................................................................................................................13
5. MITIGATED CONTROL MATURITY.........................................................................................................14
6. RESULTS............................................................................................................................................14
REVISION HISTORY............................................................................................................................ 16
REFERENCES...................................................................................................................................... 16
Document Purpose and Mission
This document’s purpose is to describe the procedure in which threat and risk assessments
(TRAs) could be implemented for Choco Cake. This document is used to analyze a system to
check the flaws in the system and suggests some ways to tackle those before it occurs. A
vulnerability in the system can result in a security breach and it could be accidentally triggered
by the intervention of humans.
2
INFO8930
, Risk-Threat Assessment 3
This is meant to be part of the larger risk management program for Coco Cake and will align
with the objectives and goals set out in the program.
This document will not provide good results when used individually so it is better to use with
the Threat and Risk Assessment Tool to provide repeatable results.
Roles and Responsibilities
The following individuals are responsible for carrying out threat and risk assessments. As
some individuals are always included in these kinds of assessments. This may be a Risk
Manager or Chief Information Officer. It is not necessary to have the same individuals in every
project, as it depends on the projects.
Chief Information Officer (CIO)- CIO is responsible for handling overall risk-threat
assessment and saves the organization from unacceptable cost and manages the processes
such as planning and budgeting.
Risk Manager – Risk manager job is to develop and implement such systems that help the
company to manage the risks effectively, and will improve strategy, risk management policy as
well as the framework.
Senior Management- Senior management tracks staff to ensure that functional and business
elements working are associated with risk management policy. He will also check out the
areas so that risks can be identified in the system.
Provider – Provider is responsible for carrying out IT services such as security and manages
incidents and threats in the organization. Provider also design, integrate and operate controls
in the business, and report on status regarding controls, threat and compliance.
3
INFO8930
Table of Contents
DOCUMENT PURPOSE AND MISSION.................................................................................................2
1
INFO8930
,Risk-Threat Assessment 2
ROLES AND RESPONSIBILITIES......................................................................................................... 3
PROGRAM SCOPE AND BOUNDARIES...............................................................................................4
CRITERIA............................................................................................................................................... 5
STEPS.................................................................................................................................................... 5
1. SETUP.................................................................................................................................................6
2. DATA ELEMENT INVENTORY..................................................................................................................7
3. THREAT SEVERITY................................................................................................................................8
Frequency & Impact Definitions......................................................................................................................... 8
Frequency & Impact Weightings...................................................................................................................... 11
Risk Tolerance Level....................................................................................................................................... 12
Threat Severity Analysis.................................................................................................................................. 12
4. RISK RESPONSE.................................................................................................................................13
5. MITIGATED CONTROL MATURITY.........................................................................................................14
6. RESULTS............................................................................................................................................14
REVISION HISTORY............................................................................................................................ 16
REFERENCES...................................................................................................................................... 16
Document Purpose and Mission
This document’s purpose is to describe the procedure in which threat and risk assessments
(TRAs) could be implemented for Choco Cake. This document is used to analyze a system to
check the flaws in the system and suggests some ways to tackle those before it occurs. A
vulnerability in the system can result in a security breach and it could be accidentally triggered
by the intervention of humans.
2
INFO8930
, Risk-Threat Assessment 3
This is meant to be part of the larger risk management program for Coco Cake and will align
with the objectives and goals set out in the program.
This document will not provide good results when used individually so it is better to use with
the Threat and Risk Assessment Tool to provide repeatable results.
Roles and Responsibilities
The following individuals are responsible for carrying out threat and risk assessments. As
some individuals are always included in these kinds of assessments. This may be a Risk
Manager or Chief Information Officer. It is not necessary to have the same individuals in every
project, as it depends on the projects.
Chief Information Officer (CIO)- CIO is responsible for handling overall risk-threat
assessment and saves the organization from unacceptable cost and manages the processes
such as planning and budgeting.
Risk Manager – Risk manager job is to develop and implement such systems that help the
company to manage the risks effectively, and will improve strategy, risk management policy as
well as the framework.
Senior Management- Senior management tracks staff to ensure that functional and business
elements working are associated with risk management policy. He will also check out the
areas so that risks can be identified in the system.
Provider – Provider is responsible for carrying out IT services such as security and manages
incidents and threats in the organization. Provider also design, integrate and operate controls
in the business, and report on status regarding controls, threat and compliance.
3
INFO8930
