Appendix N: Sample Risk Assessment Outline

The following risk assessment outline is based on guidance contained in National Institute of Standards and Technology Special Publication (NIST SP) 800-30.

Executive Summary

I. Introduction

  • Purpose
  • Scope
  • System description

Describe the system components, elements, users, field site locations (if any), and any other details about the system to be considered in the assessment.

II. Risk Assessment Approach

Briefly describe the approach used to conduct the risk assessment, including:

  • Project participants
  • The process used for information gathering (e.g., interviews, automated tools, questionnaires)
  • The methodology for identifying, evaluating, and pairing threats and vulnerabilities; for ranking risks; ...
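The approach section is expected to state how threats are paired with vulnerabilities and how the resulting risks are ranked. The following is an added example, not code from the book or from NIST, showing one way to make that methodology explicit and repeatable: each threat/vulnerability pair is assigned a qualitative likelihood and impact, combined through a lookup table in the style of the likelihood-by-impact matrix in NIST SP 800-30 Rev. 1 Appendix I, and sorted into a ranked list. The cell values in `RISK_MATRIX`, the `Pair` type and the sample pairs are assumptions made for this example; check the matrix against the publication before using it in a real assessment.

```python
"""Threat/vulnerability pairing and qualitative risk ranking.

Added example (not from the book or NIST SP 800-30). The matrix below
approximates the likelihood x impact table in SP 800-30 Rev. 1 Appendix I;
its cell values are an assumption for this example and should be verified
against the publication.
"""
from dataclasses import dataclass

# Qualitative scale used for likelihood, impact and risk (lowest to highest).
LEVELS = ["Very Low", "Low", "Moderate", "High", "Very High"]

# Rows: likelihood. Columns: impact, in the order of LEVELS.
# Assumed values modelled on SP 800-30 Rev. 1 Appendix I.
RISK_MATRIX = {
    "Very High": ["Very Low", "Low", "Moderate", "High", "Very High"],
    "High":      ["Very Low", "Low", "Moderate", "High", "Very High"],
    "Moderate":  ["Very Low", "Low", "Moderate", "Moderate", "High"],
    "Low":       ["Very Low", "Low", "Low", "Low", "Moderate"],
    "Very Low":  ["Very Low", "Very Low", "Very Low", "Low", "Low"],
}


@dataclass(frozen=True)
class Pair:
    """One threat paired with the vulnerability it could exercise (hypothetical type)."""
    threat: str
    vulnerability: str
    likelihood: str  # one of LEVELS
    impact: str      # one of LEVELS


def risk_level(likelihood: str, impact: str) -> str:
    """Look up the qualitative risk level for a likelihood/impact combination."""
    if likelihood not in RISK_MATRIX:
        raise ValueError(f"unknown likelihood level: {likelihood!r}")
    if impact not in LEVELS:
        raise ValueError(f"unknown impact level: {impact!r}")
    return RISK_MATRIX[likelihood][LEVELS.index(impact)]


def rank_risks(pairs):
    """Return (pair, risk_level) tuples sorted from highest to lowest risk.

    Ties on risk level are broken by likelihood, then by impact, so the
    ordering is deterministic and can be reproduced by a reviewer.
    """
    scored = [(p, risk_level(p.likelihood, p.impact)) for p in pairs]

    def sort_key(item):
        pair, level = item
        return (LEVELS.index(level),
                LEVELS.index(pair.likelihood),
                LEVELS.index(pair.impact))

    return sorted(scored, key=sort_key, reverse=True)


def summarize(ranked):
    """Format the ranked list as plain-text table rows for the report."""
    rows = []
    for rank, (pair, level) in enumerate(ranked, start=1):
        rows.append(f"{rank}. [{level}] {pair.threat} -> {pair.vulnerability} "
                    f"(likelihood={pair.likelihood}, impact={pair.impact})")
    return rows


# Constructed sample pairs for demonstration only.
SAMPLE_PAIRS = [
    Pair("External attacker", "Unpatched web server", "High", "High"),
    Pair("Malicious insider", "Excessive administrative privileges", "Moderate", "Very High"),
    Pair("Power failure", "No UPS at field site", "Low", "Moderate"),
    Pair("Phishing campaign", "No MFA on remote access", "Very High", "High"),
]

if __name__ == "__main__":
    for line in summarize(rank_risks(SAMPLE_PAIRS)):
        print(line)
```

The point of encoding the matrix rather than scoring by hand is that the report's reader can see exactly how each likelihood/impact pair became a risk level, and a second assessor rerunning the same inputs gets the same ranking; the function also rejects levels outside the declared scale, which catches the inconsistent wording ("medium" in one interview, "moderate" in another) that commonly creeps into assessment worksheets.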

Get Official (ISC)2® Guide to the CAP® CBK®, 2nd Edition now with the O’Reilly learning platform.
