Official (ISC)2 Guide to the CAP CBK, 2nd Edition by Patrick D. Howard

Appendix Q: Sample Risk Remediation Plan

Quarter 2 FY 2012

| System Name | System Criticality | Confidentiality | Availability | Integrity | If no weakness, provide a reason |
| --- | --- | --- | --- | --- | --- |
| XYZ System | Non-Mission Critical | Moderate | Low | High | N/A |

| ID | Weakness | POC | Resources Required | Scheduled Completion Date | Milestones With Completion Dates | Actual Completion Date | Status/Comments | Risk Level |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | 1.2.2 A mission/business impact analysis has not been conducted. | System Owner | 16 Man/Hrs | 9/30/2012 | Prepare a business impact analysis in accordance with NIST SP 800-34. | | | Low |
| 2 | 4.1.7 The vulnerability scan performed on the Unix server detected one medium risk (telnet Daemon is running) ... | | | | | | | |