  • jt

Security Risk Assessment Reports - Two Ways

Report Headings Example 1


The following is one example of how to structure a Security Risk Assessment.


  1. TERMS AND DEFINITIONS

  2. TABLE OF CONTENTS

  3. EXECUTIVE SUMMARY

  4. SCOPE, CONTEXT AND CRITERIA

  5. ASSET CRITICALITY ASSESSMENT

  6. THREAT ASSESSMENT

  7. RISK CONTROL

  8. EFFECTIVENESS ASSESSMENT

  9. SECURITY RISK REGISTER & TREATMENTS

  10. ANNEX: ASSESSMENT METHODOLOGY

  • Asset Criticality Assessment

  • Threat Assessment

  • Risk Control Effectiveness (RCE) Assessment

  • Risk Assessment



Report Headings Example 2


The following is an alternative example, intended as a starting point for structuring an enterprise security risk assessment report.


1. EXECUTIVE SUMMARY

  • 1.1 Findings and Recommendations

  • 1.2 Key Risks

  • 1.3 Priority Recommendations

2. INTRODUCTION


  • 2.1 Objectives

  • 2.2 Scope

  • 2.3 References

  • 2.4 Definitions

  • 2.5 Methodology

3. BACKGROUND

  • 3.1 Context

  • 3.2 Overview of the Organization

  • 3.3 Stakeholders

  • 3.4 Security Culture

  • 3.5 Risk Criteria

4. RISK IDENTIFICATION

  • 4.1 Assets at Risk

  • 4.2 Sources of Risk

  • 4.3 Threat Assessment

  • 4.4 Vulnerabilities

  • 4.5 Potential Risk Events

  • 4.6 Potential Consequences

5. RISK REGISTER


6. RISK TREATMENTS


7. ADDITIONAL FINDINGS

  • 7.1 Overview

  • 7.2 Findings

  • 7.3 Key Recommendations

  • 7.4 Opportunities for Improvement

8. MONITORING & REVIEW

  • 8.1 Review

  • 8.2 Immediate Monitoring Requirements

  • 8.3 Additional Considerations for Future Review

9. APPENDIX 1: SECURITY PLAN
