Security Risk Assessment Reports - Two Ways

Report Headings Example 1

The following is one example of how to structure a Security Risk Assessment report.

1. TERMS AND DEFINITIONS

2. TABLE OF CONTENTS

3. EXECUTIVE SUMMARY

4. SCOPE, CONTEXT AND CRITERIA

5. ASSET CRITICALITY ASSESSMENT

6. THREAT ASSESSMENT

7. RISK CONTROL

8. EFFECTIVENESS ASSESSMENT

9. SECURITY RISK REGISTER & TREATMENTS

10. ANNEX: ASSESSMENT METHODOLOGY

  • Asset Criticality Assessment

  • Threat Assessment

  • Risk Control Effectiveness (RCE) Assessment

  • Risk Assessment



Report Headings Example 2

The following is an alternative example of a starting point for structuring an enterprise security risk assessment report.

1. EXECUTIVE SUMMARY

  • 1.1 Findings and Recommendations

  • 1.2 Key Risks

  • 1.3 Priority Recommendations

2. INTRODUCTION

  • 2.1 Objectives

  • 2.2 Scope

  • 2.3 References

  • 2.4 Definitions

  • 2.5 Methodology

3. BACKGROUND

  • 3.1 Context

  • 3.2 Overview of the Organization

  • 3.3 Stakeholders

  • 3.4 Security Culture

  • 3.5 Risk Criteria

4. RISK IDENTIFICATION

  • 4.1 Assets at Risk

  • 4.2 Sources of Risk

  • 4.3 Threat Assessment

  • 4.4 Vulnerabilities

  • 4.5 Potential Risk Events

  • 4.6 Potential Consequences

5. RISK REGISTER

6. RISK TREATMENTS

7. ADDITIONAL FINDINGS

  • 7.1 Overview

  • 7.2 Findings

  • 7.3 Key Recommendations

  • 7.4 Opportunities for Improvement

8. MONITORING & REVIEW

  • 8.1 Review

  • 8.2 Immediate Monitoring Requirements

  • 8.3 Additional Considerations for Future Review

9. APPENDIX 1: SECURITY PLAN

©2019 by Julian Talbot