Scribd Logo
Upload

Welcome to Scribd!

  • 15 views

    Asset Name Asset Value Vulnerabilities Vulnerability Value

    Uploaded by

    S Seetha
    The document lists assets and their associated vulnerabilities and values. It then lists threats to those assets, existing controls to mitigate the threats, and evaluates the probability and impact of each threat. Risk values are calculated and contexts and risk owners are identified. Applied controls are documented.

    Copyright:

    © All Rights Reserved
    Download as XLSX, PDF, TXT or read online from Scribd
    Flag for inappropriate content

    You might also like

    Asset Name Asset Value Vulnerabilities Vulnerability Value

    Uploaded by

    S Seetha
    15 views4 pages
    The document lists assets and their associated vulnerabilities and values. It then lists threats to those assets, existing controls to mitigate the threats, and evaluates the probability and impact of each threat. Risk values are calculated and contexts and risk owners are identified. Applied controls are documented.

    Original Description:

    Original Title

    Risk Register

    Copyright

    © © All Rights Reserved

    Available Formats

    XLSX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document lists assets and their associated vulnerabilities and values. It then lists threats to those assets, existing controls to mitigate the threats, and evaluates the probability and impact of each threat. Risk values are calculated and contexts and risk owners are identified. Applied controls are documented.

    Copyright:

    © All Rights Reserved
    Download as XLSX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as xlsx, pdf, or txt
    15 views4 pages

    Asset Name Asset Value Vulnerabilities Vulnerability Value

    Uploaded by

    S Seetha
    The document lists assets and their associated vulnerabilities and values. It then lists threats to those assets, existing controls to mitigate the threats, and evaluates the probability and impact of each threat. Risk values are calculated and contexts and risk owners are identified. Applied controls are documented.

    Copyright:

    © All Rights Reserved
    Download as XLSX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as xlsx, pdf, or txt
    of 4

    Asset Name Asset Value Vulnerabilities Vulnerability Value

    Desktop 2 Wrong allocation of access rights 1

    2 Unnecessary services enabled 1

    2 Lack of monitoring mechanisms 1

    2 Poor password management 1


    2 Presence of combustible material 1

    2 No backup of data 1

    2 Local administrator rights provided 1

    2 Undefined process for data disposal 1

    2 Unauthorized Software installation 1


    2 Lack of user awareness 1

    2 USB & CD ROM drive access 1

    2 No or insufficient Patch installation 1


    Lack of security software
    2 installation (e.g. AV) 1

    Java and other flash updates are


    automatically updated / not
    2 updated 1

    Lack of Synchronization to a
    2 common clock 1
    Threat
    Threat Existing Control Control Probability Impact
    Access will be provided based on the
    approval and access rights will be A.9.2.2
    Abuse of rights reviewed once in quarter A.9.2.5 1 3
    Unauthorized processing of Administrator access rights restricted
    data for enabling services A.13.1.2 1 3

    All the information accessing rights are


    Abuse of rights monitored and reviewed periodically A.12.7.1 1 3
    Awareness is provided on the usage of
    password and password complexity is
    Unauthorized system access implemented A.9.4.3 1 3
    Fire Fire Extinguisher system is available A.11.2.1 1 3
    Important data is stored in Share
    Loss of Data folder U drive A1.12.3.1 1 3

    Local admin rights will be provided to


    the users based on the approval and
    access will be reviewed once in a
    Unauthorized system use quarter A.9.2.2 1 3
    Equipment will be disposed when it
    Loss of data become obselete A.11.2.7 1 3
    Violation of license Software installation will be done after
    requirement getting the approval A.12.6.2 1 3
    Abuse of rights Training is provided to users A.7.2.2 1 3

    USB and CD access will be provided to


    the users based on the approval and
    access will be reviewed once in a
    Leakage of data quarter A.9.2.2 1 3
    Increase in system Patches are deployed to the systems
    vulnerability through automated solution A.12.6.1 1 3
    Deployment of security softwares to
    Corruption of data the system is monitored regularly A.12.6.1 2 3

    Increase in system Patches are deployed to the systems


    vulnerability through automated solution A.12.6.1 2 3
    Systems are connected to TVSM
    Domain. Clocks are synchronized with
    Error in use Active directory A.12.4.4 2 3
    Threat Value Risk Value Context Risk Owner Acceptance

    2 5 Process Yes

    2 5 Process Yes

    2 5 Process Yes

    2 5 People Yes
    2 5 External Environment Yes

    2 5 Process Yes

    2 5 Process Yes

    2 5 Process Yes

    2 5 Legal requirement Yes


    2 5 People Yes

    2 5 Process Yes

    3 6 Technology Yes

    3 6 Process Yes

    Technology (compatibility
    issue exist between software
    application used( Java &
    Flash ) making updates not
    3 6 necessary Yes

    3 6 Process Yes
    Applied Controls

    You might also like