Example Risk Assessment Report

The document discusses the components that should be included and excluded from an IT system risk assessment. It states that components within the system boundary should be included, while related systems subject to separate risk assessments can be excluded. However, the risk assessment should consider risks associated with interconnected systems, even if those systems themselves are not reassessed. The parameters of how the system operates should also be established to ensure all relevant threats are considered.

Uploaded by

Zayaan Rnb
Copyright
© Attribution Non-Commercial (BY-NC)
Example Risk Assessment Report

Appendix D, page 12

2.2 IT System Boundary & Components included in the Risk Assessment

Using the system boundary information already documented in Table B (see Section 3.2.3 of the Guideline), verify that the components that are included in this risk assessment are defined, and components not included are defined as appropriate. If the IT System under assessment connects or shares data with other IT Systems, risks associated with these other IT Systems should be considered in the risk assessment, even though the other IT Systems themselves will not be reassessed.

In most cases, the components included in the risk assessment will be the same as those within the system boundary (see Section 3.2.3 of the Risk Management Guideline). Agencies, however, must make an affirmative decision regarding components included in the risk assessment, including major components that could create risk for the IT system.

For example, an IT system (System A) may make use of a third-party network infrastructure, but since the third-party network is subject to a separate risk assessment, it should not be assessed again. However, the System A risk assessment should reference the network risk assessment, and highlight any pertinent network risks.

Establishing parameters in which the system operates guarantees consideration of all relevant threa
