Appendix Q: Sample Risk Remediation Plan
Quarter 2 | FY 2012

| System Name | System Criticality | Confidentiality | Availability | Integrity | If no weakness, provide a reason |
|---|---|---|---|---|---|
| XYZ System | Non-Mission Critical | Moderate | Low | High | N/A |

| ID | Weakness | POC | Resources Required | Scheduled Completion Date | Milestones With Completion Dates | Actual Completion Date | Status/Comments | Risk Level |
|---|---|---|---|---|---|---|---|---|
| 1 | 1.2.2 A mission/business impact analysis has not been conducted. | System Owner | 16 Man/Hrs | 9/30/2012 | Prepare a business impact analysis in accordance with NIST SP 800-34. | | | Low |
| 2 | 4.1.7 The vulnerability scan performed on the Unix server detected one medium risk (telnet Daemon is running) ... |