Risk Management Exercise

Group: _______________________________________________________________ CS5493
Risk Analysis: The Risk Register
1. Create a Risk Register for your domain. Work with your group to brainstorm a risk
register. Assume values are annualized or over the lifetime of the asset
(whichever works best). Use a spreadsheet to compile a table with the following
information:
a. Begin by making a list of assets that are subject to risks. Assets are anything of
value. List at least 10 assets for your domain. If you can't come up with 10 assets
in your domain, include assets from other related domains.
b. Estimate the value of each asset. Try to assign realistic values. Refer to any
resource at your disposal for assistance.
c. Enter the threat for each asset. If there are multiple threats for an asset, include
multiple lines for that asset. Enter the frequency of occurrence for each threat and
its corresponding asset.
d. Enter the probability of each threat occurring. This is the vulnerability probability.
e. Compute the risk probability for each threat.
f. Compute the exposure cost for each threat.
g. Determine how to prioritize the entries in the risk register and rank the entries.
2. Categorize a response to each threat using the four choices below. Provide a detailed
explanation for each response.
a. Eliminate
b. Transfer
c. Mitigate
d. Accept
Here is an example of how to get started:
Resource    Value   Threat    Threat frequency  Vulnerability probability  Risk probability  Exposure cost
resource 1  $100    threat 1  3                 0.01                       0.03              $3
                    threat 2  1                 0.05                       0.05              $5
                    threat 3  5                 0.005                      0.025             $3
resource 2  $8,000  threat a  1                 0.001                      0.001             $8
                    threat b  1                 0.2                        0.2               $1,600
You must also include a risk response category and explanation for each threat.
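The sample table's arithmetic and one way to rank it, as an added example that is not part of the original handout. The two formulas (risk probability = threat frequency × vulnerability probability, exposure cost = asset value × risk probability) are inferred from the sample rows; ranking by exposure cost is only one possible answer to step 1g, and all names in the code are hypothetical.

```python
from dataclasses import dataclass
from decimal import Decimal, ROUND_HALF_UP

@dataclass(frozen=True)
class RiskEntry:
    asset: str
    value: Decimal          # asset value in dollars
    threat: str
    frequency: Decimal      # threat occurrences over the chosen period
    vulnerability: Decimal  # probability that one occurrence causes the loss

    @property
    def risk_probability(self) -> Decimal:
        # Formula inferred from the sample table: 3 * 0.01 = 0.03
        return self.frequency * self.vulnerability

    @property
    def exposure_cost(self) -> Decimal:
        # Formula inferred from the sample table: $8,000 * 0.2 = $1,600
        return self.value * self.risk_probability

def entry(asset, value, threat, frequency, vulnerability):
    # Build from strings so decimal fractions such as 0.005 stay exact.
    return RiskEntry(asset, Decimal(value), threat,
                     Decimal(frequency), Decimal(vulnerability))

# Input columns of the handout's sample table.
SAMPLE = [
    entry("resource 1", "100", "threat 1", "3", "0.01"),
    entry("resource 1", "100", "threat 2", "1", "0.05"),
    entry("resource 1", "100", "threat 3", "5", "0.005"),
    entry("resource 2", "8000", "threat a", "1", "0.001"),
    entry("resource 2", "8000", "threat b", "1", "0.2"),
]

def whole_dollars(amount: Decimal) -> int:
    # The sample table prints $2.50 as $3, so round half up.
    return int(amount.quantize(Decimal("1"), rounding=ROUND_HALF_UP))

def ranked(entries):
    # Assumed prioritization: highest unrounded exposure cost first.
    return sorted(entries, key=lambda e: e.exposure_cost, reverse=True)

def render(entries) -> str:
    rows = [f"{'Rank':<6}{'Asset':<12}{'Threat':<10}{'Risk prob.':>11}{'Exposure':>10}"]
    for rank, e in enumerate(ranked(entries), start=1):
        cost = "$" + format(whole_dollars(e.exposure_cost), ",")
        rows.append(f"{rank:<6}{e.asset:<12}{e.threat:<10}"
                    f"{str(e.risk_probability):>11}{cost:>10}")
    return "\n".join(rows)

if __name__ == "__main__":
    print(render(SAMPLE))
```

Ranking on the unrounded cost keeps threat 1 ($3.00) ahead of threat 3 ($2.50), which the rounded table column shows as a tie.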