Official (ISC)2 Guide to the CAP CBK, 2nd Edition by Patrick D. Howard

Appendix N: Sample Risk Assessment Outline

The following risk assessment outline is based on guidance contained in National Institute of Standards and Technology Special Publication (NIST SP) 800-30.

Executive Summary

I. Introduction

  • Purpose
  • Scope
  • System description

Describe the system components, elements, users, field site locations (if any), and any other details about the system to be considered in the assessment.

II. Risk Assessment Approach

Briefly describe the approach used to conduct the risk assessment including

  • Project participants
  • The process used for information gathering (e.g., interviews, automated tools, questionnaires)
  • The methodology for identifying, evaluating, and pairing threats and vulnerabilities; for ranking risks; ...