IS Risk Management Report (Template)


rose . @rose
Uploaded On 2023-11-07



Presentation Transcript

1. IS Risk Management Report (Template), QCERT

2. Table of Contents (5/8/2018)
   - Objective
   - ISRM Methodology
   - ISRM Scope
   - Top 10 IS Risks
   - Initial & Final Residual Risks
   - Risk Treatment Options
   - Key IS Risks
   - List of IS Risks: Retained, Avoided, Modified, Shared

3. Objective
   The primary objective of the Information Security Risk Management (ISRM) program is to identify, assess, treat, communicate/report and monitor information security risks. This report is intended to provide <Organization Name> management with a high-level summary of the scope and approach of the ISRM program, the key risks identified and their business implications, and the steps required to address the risks.

4. ISRM Methodology (Illustrative)
   The ISRM process consists of the following phases:
   - IS Risk Governance
   - 1. Risk Identification
   - 2. Risk Assessment
   - 3. Risk Treatment
   - 4. Risk Communication
   - 5. Risk Monitoring
   Diagram labels, in the order they appear on the slide:
   - Scope and Boundary; Policy & Procedure; Steering / Governance Committee; Roles and Responsibilities; ISRM Criteria(s)
   - Monitor: Risk Treatment; Residual Risk; New Risks; Identify change
   - Develop Final ISRM Report; Communicate Residual Risks to Management; Obtain Management Approval; Conduct awareness sessions
   - Perform BIA
   - Identify: Information Assets; Vulnerabilities; Threats; Controls; Inherent Risks
   - Assess: Information Asset Value & Classification; Vulnerability Factor; Threat Likelihood; Controls Effectiveness; Cost of Control; Initial Residual Risk
   - Select Treatment Option: Modify; Share; Avoid; Retain
   - Treat Risks
   - Final Residual Risk

5. ISRM Scope
   <The scope applies to all the information assets, technology infrastructure, information security practices and human resources involved in managing and supporting the IS environment>

6. Top 10 Information Security Risks (Illustrative)

7. Initial & Final Residual Risks (Illustrative)

8. Risk Treatment Options (Illustrative)

9. Key Information Security Risks
   <Provide a brief description of the top 10 IS risks; it shall include risk description, initial and final residual risk rating, risk treatment option selected and risk owner>
   Fields for each risk:
   - <Information Security Risk>
   - Risk Reference #:
   - <Risk Description>
   - Initial Residual Risk
   - Final Residual Risk
   - Risk Treatment Option
   - Risk Owner

10. List of IS Risks - Retained
   <Provide a brief description of the list of risks to be retained, avoided, modified and shared for management review and approval>
   Columns: S. No | Risk Description | Risk Reference # | Final Residual Risk | Management Approval (Yes / No)

11. List of IS Risks - Avoided
   <Provide a brief description of the list of risks to be retained, avoided, modified and shared for management review and approval>
   Columns: S. No | Risk Description | Risk Reference # | Final Residual Risk | Management Approval (Yes / No)

12. List of IS Risks - Modified
   <Provide a brief description of the list of risks to be retained, avoided, modified and shared for management review and approval>
   Columns: S. No | Risk Description | Risk Reference # | Final Residual Risk | Management Approval (Yes / No)

13. List of IS Risks - Shared
   <Provide a brief description of the list of risks to be retained, avoided, modified and shared for management review and approval>
   Columns: S. No | Risk Description | Risk Reference # | Final Residual Risk | Management Approval (Yes / No)

14. For more information, visit www.motc.gov.qa