
This template was purchased by AuditNet from a third party under a work for hire
agreement. However, while we have attempted to provide accurate information, no
representation is made or warranty given as to the completeness or accuracy of
the template. In particular, you should be aware that the template may be
incomplete, may contain errors, or may have become out of date. While every
reasonable precaution has been taken in the preparation of this template, neither
the author nor AuditNet assumes responsibility for errors or omissions, or for
damages resulting from the use of the information contained herein. The
information contained in this document is believed to be accurate. However, no
guarantee is provided. Use this information at your own risk.
Steps to fill out risk analysis:
1. Identify Major Application(s)
2. Identify General Support System(s)
3. For each threat to your MA and GSS, evaluate the Likelihood of Occurrence and Impact Severity.
4. Use past experience and/or vulnerability test results to increase/decrease likelihood ratings.
5. Add any additional threats to either MA or GSS as you see fit.
6. Once you have developed an action plan to decrease risks, rerun the tool to get new ratings.
Recommendations are examples of actions you can take to mitigate high risk items.
GLOBAL Corporate Risk Analysis Methodology Spreadsheet
246293685.xls.ms_office
Client:
Major Application:
# | Threat | Likelihood of occurrence | Impact severity | Risk level
Human threats
1 | Data entry errors or omissions | 4 | | 12
2 | Inadvertent acts or carelessness | 2 | | 6
3 | Impersonation | 3 | | 15
4 | Shoulder surfing | 3 | | 9
5 | User abuse or fraud | 4 | | 24
6 | Theft, sabotage, vandalism or physical intrusions | 3 | | 18
7 | Espionage | 2 | | 12
Technical threats
1 | Misrepresentation of identity | 2 | | 12
2 | Intrusion or unauthorized access to system resources | 4 | | 24
3 | Data/system contamination | 4 | | 24
4 | Eavesdropping | 4 | | 24
5 | Insertion of malicious software or unauthorized modification of database | 4 | | 24
6 | Takeover of authorized session | 4 | | 24
7 | System and application errors, failures, and intrusions not properly audited and logged | 7 | | 42
General Support System:
# | Threat | Likelihood of occurrence | Impact severity | Risk level
Environmental and physical threats
1 | Environmental conditions | 2 | | 8
2 | Hazardous material accident | 2 | | 8
3 | Physical cable cuts | 2 | | 8
4 | Power fluctuation | 4 | | 16
5 | Secondary disasters | 2 | | 8
Human threats
1 | Arson | 2 | | 12
2 | Improper disposal of sensitive media | 4 | | 24
3 | Shoulder surfing | 4 | | 24
4 | Inadvertent acts or carelessness | 4 | | 24
5 | Omissions | 5 | | 30
6 | Procedural violation | 5 | | 30
7 | Scavenging | 4 | | 24
8 | Theft, sabotage, vandalism or physical intrusions | 3 | | 18
9 | User abuse | 4 | | 24
10 | Espionage | 2 | | 12
11 | Labor unrest | 5 | | 30
12 | Terrorism | 2 | | 12
13 | Riot/civil disorder | 1 | | 6
Natural threats
1 | Natural disaster | 2 | | 12
2 | Secondary disaster | 2 | | 12
Technical threats
1 | Data/system contamination | 4 | | 24
2 | Compromising emanations | 4 | | 20
3 | Corruption by system, system errors, or failures | 4 | | 24
4 | Eavesdropping | 4 | | 24
5 | Misuse of known software weaknesses | 2 | | 12
6 | Hardware/equipment failure | 3 | | 18
7 | Insertion of malicious software or unauthorized modification of database | 5 | | 30
8 | Installation errors | 5 | | 25
9 | Intrusion or unauthorized access to system resources | 4 | | 24
10 | Jamming (Telecommunications) | 2 | | 8
11 | Impersonation | 3 | | 18
12 | Saturation of communications or resources | 3 | | 12
13 | Tampering | 3 | | 12
HIPAAssociates Confidential 10/3/2014 Page 4
Likelihood of occurrence
1 | Negligible | Unlikely to occur
2 | Very low | Likely to occur 2/3 times every 5 years
3 | Low | Likely to occur once every year or less
4 | Medium | Likely to occur every 6 months or less
5 | High | Likely to occur once every month or less
6 | Very high | Likely to occur multiple times per month
7 | Extreme | Likely to occur multiple times per day
Impact severity
1 Insignificant
2 Minor
3 Significant
4 Damaging
5 Serious
6 Critical
