Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

ISMS Risk Assessment Template 2008

advertisement 
NHS Information Governance:
Guidance – ISMS Risk Assessment Template
This NHS IG template is provided to assist NHS organisations and General
Practices to identify, assess and evaluate the treatment of risk that is
appropriate to their local business needs.
--------------------------------------Scope:
The method of information security risk assessment applied throughout
[organisation name] in respect of [all/information] risks is [method name].
Responsibilities:
The [Responsible Manager] is responsible for undertaking risk assessments
wherever they are required by [organisation name].
Procedures:
Identify the risks

The assets within the scope of each risk assessment are identified and
listed in line with the business requirements of [organisation name]
(attach affected asset list).

When new information assets are acquired, or existing assets in any
way change, those assets are added to the inventory of [organisation
name] and are treated in line with the requirements below.

Threats to each of those assets shall be identified [how is this done,
and by whom?] under the headings of threats to availability,
confidentiality and integrity and are documented [in the asset risk log].

Vulnerabilities that might be exploited by each of these threats are
identified [how, and by whom?] and documented with each risk
assessment

Where new vulnerabilities or weaknesses are identified, the risk log
shall be updated and, where appropriate, the risk assessment
procedure set out here shall be repeated and any changed controls
implemented.

The effect that losses of availability, confidentiality and integrity might
have on the assets themselves [ie what is the actual harm to the asset
itself that might occur?] are identified and documented [by whom and
how?].
NHS Information Governance:
Guidance – ISMS Risk Assessment Template
Assess the risks

Impacts – the business harm - that might result from the loss of
availability, confidentiality or integrity, for each of these assets, is
assessed [how, by whom?]

The realistic likelihood that each of these failures might occur is
assessed [how, by whom?]

The risk levels are assessed [how, by whom?]

A decision is made, for each of the risks, as to whether it is acceptable
or if it must be controlled in line with criteria established [by whom,
how?].
Identify and evaluate options for the treatment of risks

For each of the risks, identify [how and by whom?] the possible options
for treating it in line with the decision made in 14 above.

For each of the risks, document which treatment action (accept, reject,
transfer or control) is going to be taken [how and by whom?] and
document in the [organisation name] risk treatment plan [how and by
whom?] the reasons for each choice.
Select control objectives and controls for treatment of the risks.

Appropriate control objectives are selected from {Annex A of BS77992:2005 [by whom, how?]/ISO 27001} and the reasons for the selections
are documented [in a detailed working document, by whom and how?]
in the light of the conclusions to the risk assessment and risk treatment
processes.

These control objectives and controls are then summarized into the
organisation’s information security management system .

The [Responsible manager] is the owner of this document and is
responsible for ensuring that its procedures are reviewed and followed
in line with the requirements of [organisation name].

A current version of this document is available to [all/specified]
members of staff on the [corporate intranet] and is published
[publication period].
NHS Information Governance:
Guidance – ISMS Risk Assessment Template
This risk management procedure was approved by [Name / Position ] on
[date] and is issued on a version controlled basis under his/her signature
Signature:
Designation:
[Policy issue version no and publication date]
Date:
Related documents
Interfaces between ethnography
Interfaces between ethnography
INFORMATION SECURITY POLICY
INFORMATION SECURITY POLICY
Example SIRO job description Word 37Kb
Example SIRO job description Word 37Kb
MM Assignment briefing - Jun-Sep 2013
MM Assignment briefing - Jun-Sep 2013
Information Strategy - National Information Governance Board for
Information Strategy - National Information Governance Board for
Font Graphics Colour - Classroom Multimedia
Font Graphics Colour - Classroom Multimedia
Unit G620
Unit G620
Preparing a Records Management Plan (RMP)
Preparing a Records Management Plan (RMP)
URIncluded Powerpoint
URIncluded Powerpoint
Regulatory Compliance Policy template
Regulatory Compliance Policy template
What is your role in the organisation?
What is your role in the organisation?
Innovation Hub Presentation
Innovation Hub Presentation
1.10 Risk management policy template
1.10 Risk management policy template
Marketing Planning (MOD004454)
Marketing Planning (MOD004454)
UCD 2 - Department of Agriculture
UCD 2 - Department of Agriculture
see flip-chart notes
see flip-chart notes
Risk Management - Community Door
Risk Management - Community Door
Consultation Questionnaire for CPFT`s Personality Disorder
Consultation Questionnaire for CPFT`s Personality Disorder
Question 1 Please find below the response to your recent Freedom
Question 1 Please find below the response to your recent Freedom
5.1 Feedback policy template
5.1 Feedback policy template
Confidentiality
Confidentiality
Fellowships in Clinical Leadership
Fellowships in Clinical Leadership
Download
advertisement