IT Risk Assessment Toolkit

This document outlines an IT risk assessment toolkit covering 9 control areas related to IT security, contingency planning, systems security, access control, data protection, facilities security, personnel security, threat management, and asset management. Each control area contains specific subsections describing security controls that can be assessed for their current implementation and planned improvements.

Uploaded by

ssingh7610
Copyright
© Attribution Non-Commercial (BY-NC)
IT Risk Assessment Toolkit

Control Area | In-Place/Planned | Description of Controls

1 Risk Management
1.1 IT Security Roles & Responsibilities
1.2 Business Impact Analysis
1.3 IT System & Data Sensitivity Classification
1.4 IT System Inventory & Definition
1.5 Risk Assessment
1.6 IT Security Audits

2 IT Contingency Planning
2.1 Continuity of Operations Planning
2.2 IT Disaster Recovery Planning
2.3 IT System & Data Backup & Restoration

3 IT Systems Security
3.1 IT System Hardening
3.2 IT Systems Interoperability Security
3.3 Malicious Code Protection
3.4 IT Systems Development Life Cycle Security

4 Logical Access Control
4.1 Account Management
4.2 Password Management
4.3 Remote Access

5 Data Protection
4.4 Data Storage Media Protection
4.5 Encryption

6 Facilities Security
6.1 Facilities Security

7 Personnel Security
7.1 Access Determination & Control
7.2 IT Security Awareness & Training
7.3 Acceptable Use

8 Threat Management
8.1 Threat Detection
8.2 Incident Handling
8.3 Security Monitoring & Logging

9 IT Asset Management
9.1 IT Asset Control
9.2 Software License Management
9.3 Configuration Management & Change Control
