Risk Calculation Worksheet Template

Draft CDC <System> Risk Assessment Report Appendix C

Revision 08-16-05

Risk Calculation Worksheet
System Name/Identification:
Date Completed:

Vulnerability 1: (RA-2) Lack of data classification and management.
| Threat Vector | Likelihood | Impact | Risk |
|---|---|---|---|
| Acts of Nature | | | |
| Hazardous Conditions | | | |
| Dependency Failures | | | |
| System and Environmental Failures | | | |
| Violent Acts of Man | | | |
| Errors and Omissions | | | |
| Insider Attack | | | |
| Insider Abuse and Unauthorized Acts | | | |
| External Attack | | | |
| Autonomous Systems and Malicious Code | | | |
| Physical Intrusion and/or Theft | | | |
| Legal and Administrative Action | | | |
| Overall Risk Level | | | |

(Select the above threats that are applicable to the risk. Delete those that are not. Rate the threats as High, Moderate, or Low)

Vulnerability 2: (PS-7) Lack of policy and procedures for outsourcing.
| Threat Vector | Likelihood | Impact | Risk |
|---|---|---|---|
| Acts of Nature | | | |
| Hazardous Conditions | | | |
| Dependency Failures | | | |
| System and Environmental Failures | | | |
| Violent Acts of Man | | | |
| Errors and Omissions | | | |
| Insider Attack | | | |
| Insider Abuse and Unauthorized Acts | | | |
| External Attack | | | |
| Autonomous Systems and Malicious Code | | | |
| Physical Intrusion and/or Theft | | | |
| Legal and Administrative Action | | | |
| Overall Risk Level | | | |

Sensitive But Unclassified

E-AUTHENTICATION

Transaction 1: Client web-browser to web-server session using SDN certificates.

| Threat Vector | Likelihood | Impact | Risk | EAAL |
|---|---|---|---|---|
| Inconvenience, Distress, or Damage to Standing or Reputation | Low | Moderate | Moderate | 2 |
| Financial Loss | Low | Moderate | Moderate | 2 |
| Harm to Agency Programs or Public Interests | Low | Low | Low | 2 |
| Unauthorized Release of Sensitive Information | Low | Low | Low | 2 |
| Civil or Criminal Violations | Low | Low | Low | 2 |
| Overall Risk Level | | | Moderate | 2 |

Transaction 2: Remote shell access to DMZ server through telnet.

| Threat Vector | Likelihood | Impact | Risk | EAAL |
|---|---|---|---|---|
| Inconvenience, Distress, or Damage to Standing or Reputation | Low | Moderate | Moderate | 2 |
| Financial Loss | Low | Moderate | Moderate | 2 |
| Harm to Agency Programs or Public Interests | Low | Low | Low | 2 |
| Unauthorized Release of Sensitive Information | Low | Low | Low | 2 |
| Civil or Criminal Violations | Low | Low | Low | 2 |
| Overall Risk Level | | | Moderate | 2 |

E-Authentication Assurance Level Impact Profiles

| Potential Impact Categories for Authentication Errors | 1 | 2 | 3 | 4 |
|---|---|---|---|---|
| Inconvenience, Distress, or Damage to Standing or Reputation | Low | Moderate | Moderate | High |
| Financial Loss | Low | Moderate | Moderate | High |
| Harm to Agency Programs or Public Interests | N/A | Low | Moderate | High |
| Unauthorized Release of Sensitive Information | N/A | Low | Moderate | High |
| Personal Safety | N/A | N/A | Low | Moderate/High |
| Civil or Criminal Violations | N/A | Low | Moderate | High |

CDC COMMON INFORMATION TYPE
Complete the following table based on the CDC Common Information Type guidance.

| Information Type | NIST SP 800-60 Reference | Confidentiality (Low/Moderate/High) | Integrity (Low/Moderate/High) | Availability (Low/Moderate/High) | Justification for Enhanced Control |
|---|---|---|---|---|---|
| | | | | | |

Note: If C/I/A ratings differ from NIST SP 800-60, provide justification and obtain approval from OCISO.

posted:1/28/2008