The Information Technology Security Manager should create an IT Threat-Risk Assessment Report Template, summarizing assessment findings. ITSD101-1 IT THREAT/RISK ASSESSMENT REPORT should contain the following information, at a minimum:
The Information Technology Security Manager should submit the IT Threat-Risk Assessment Report Template to Information Technology Managers and the affected systems’ management for their review. Information Technology Managers and management of the affected systems should determine if preventive actions are required.
The Information Technology Security Manager should periodically review the risk assessment process to ensure its continued timeliness and applicability. Historical data from ITSD101-1 IT THREAT/RISK ASSESSMENT REPORT (i.e., number, nature, and severity of threats over time) should help determine if risks are under control.
Format: Microsoft Word 2013 (.docx)
Manual: IT Policies and Procedures Templates
Category: IT Security & Disaster Recovery
Procedure: IT Threat-Risk Assessment Procedure ITSD101