Casino Gambling Information Technology System

RISK ASSESSMENT REPORT Template

Information Technology Risk Assessment For

Risk Assessment Annual Document Review History

The Risk Assessment is reviewed at least annually, and the date and reviewer are recorded in the table below.

Review Date | Reviewer
  
  
  

Table of Contents

1    INTRODUCTION

2    IT SYSTEM CHARACTERIZATION

3    RISK IDENTIFICATION

4    CONTROL ANALYSIS

5    RISK LIKELIHOOD DETERMINATION

6    IMPACT ANALYSIS

7    RISK DETERMINATION

8    RECOMMENDATIONS

9    RESULTS DOCUMENTATION

List of Exhibits

Exhibit 1:  Risk Assessment Matrix

List of Figures

Figure 1 – IT System Boundary Diagram

Figure 2 – Information Flow Diagram

List of Tables

Table A:  Risk Classifications

Table B:  IT System Inventory and Definition

Table C:  Threats Identified

Table D:  Vulnerabilities, Threats, and Risks

Table E:  Security Controls

Table F:  Risks-Controls-Factors Correlation

Table G:  Risk Likelihood Definitions

Table H:  Risk Likelihood Ratings

Table I:  Risk Impact Rating Definitions

Table J:  Risk Impact Analysis

Table K:  Overall Risk Rating Matrix

Table L:  Overall Risk Ratings Table

Table M:  Recommendations

1    INTRODUCTION

Risk assessment participants:

Participant roles in the risk assessment in relation to assigned agency responsibilities:

Risk assessment techniques used:

Table A:  Risk Classifications

Risk Level | Risk Description & Necessary Actions
High | The loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets or individuals.
Moderate | The loss of confidentiality, integrity, or availability could be expected to have a serious adverse effect on organizational operations, organizational assets or individuals.
Low | The loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets or individuals.

2    IT SYSTEM CHARACTERIZATION


Table B:  IT System Inventory and Definition

IT System Inventory and Definition Document

I. IT System Identification and Ownership
IT System ID:
IT System Common Name:
Owned By:
Physical Location:
Major Business Function:
System Owner:
Phone Number:
System Administrator(s):
Phone Number:
Data Owner(s):
Phone Number(s):
Data Custodian(s):
Phone Number(s):
Other Relevant Information:

II. IT System Boundary and Components
IT System Description and Components:
IT System Interfaces:
IT System Boundary:

III. IT System Interconnections (add additional lines, as needed)
Agency or Organization | IT System Name | IT System ID | IT System Owner | Interconnection Security Agreement Status
 | | | |
 | | | |
 | | | |
 | | | |

Table B:  IT System Inventory and Definition (continued)

Overall IT System Sensitivity Rating and Classification
Overall IT System Sensitivity Rating (must be “high” if sensitivity of any data type is rated “high” on any criterion): High / Moderate / Low
IT System Classification (must be “Sensitive” if overall sensitivity is “high”; consider as “Sensitive” if overall sensitivity is “moderate”): Sensitive / Non-Sensitive

Description or diagram of the system and network architecture, including all components of the system and communications links connecting the components of the system, associated data communications and networks:

Figure 1 – IT System Boundary Diagram

Description or a diagram depicting the flow of information to and from the IT system, including inputs and outputs to the IT system and any other interfaces that exist to the system:

Figure 2 – Information Flow Diagram

3    RISK IDENTIFICATION

      Identification of Vulnerabilities

Vulnerabilities were identified by:

      Identification of Threats

Threats were identified by:

The threats identified are listed in Table C.

Table C:  Threats Identified

   
   
   
   
   
   
   
   
   

Identification of Risks

Risks were identified by:

The way vulnerabilities combine with credible threats to create risks is identified in Table D.

Table D:  Vulnerabilities, Threats, and Risks

Risk No. | Vulnerability | Threat | Risk of Compromise of | Risk Summary
1    
2    
3    
4    
5    
6    
7    
8    
9    
10    
11    
12    
13    
14    
15    
16    
17    
18    
19    
20    
21    
22    
23    
24    
25    

4    CONTROL ANALYSIS

Table E documents the IT security controls in place and planned for the IT system.

Table E:  Security Controls

Control Area | In-Place/Planned | Description of Controls
1 Risk Management
1.1 IT Security Roles & Responsibilities  
1.2 Business Impact Analysis  
1.3 IT System & Data Sensitivity Classification  
1.4 IT System Inventory & Definition  
1.5 Risk Assessment  
1.6 IT Security Audits  
2 IT Contingency Planning
2.1 Continuity of Operations Planning  
2.2 IT Disaster Recovery Planning  
2.3 IT System & Data Backup & Restoration  
3 IT Systems Security
3.1 IT System Hardening  
3.2 IT Systems Interoperability Security  
3.3 Malicious Code Protection  
3.4 IT Systems Development Life Cycle Security     
4 Logical Access Control
4.1 Account Management  
4.2 Password Management  
4.3 Remote Access  
5 Data Protection
5.1 Data Storage Media Protection  
5.2 Encryption  
6 Facilities Security
6.1 Facilities Security  
7 Personnel Security
7.1 Access Determination & Control  
7.2 IT Security Awareness & Training  
7.3 Acceptable Use  
8 Threat Management
8.1 Threat Detection  
8.2 Incident Handling  
8.3 Security Monitoring & Logging  
9 IT Asset Management
9.1 IT Asset Control  
9.2 Software License Management  
9.3 Configuration Management & Change Control  
    

Table F correlates the risks identified in Table D with relevant IT security controls documented in Table E and with other mitigating or exacerbating factors.

Table F: Risks-Controls-Factors Correlation

Risk No. | Risk Summary | Correlation of Relevant Controls & Other Factors
1  
2  
3  
4  
5  
6  
7  
8  
9  
10  
11  
12  
13  
14  
15  
16  
17  
18  
19  
20  
21  
22  
23  
24  
25  

5    RISK LIKELIHOOD DETERMINATION

Table G defines the risk likelihood ratings.

Table G:  Risk Likelihood Definitions

Columns give the Probability of Threat Occurrence (Natural or Environmental Threats) or Threat Motivation and Capability (Human Threats).

Effectiveness of Controls | Low | Moderate | High
Low | Moderate | High | High
Moderate | Low | Moderate | High
High | Low | Low | Moderate

Table H evaluates the effectiveness of controls and the probability or motivation and capability of each threat to BFS and assigns a likelihood, as defined in Table G, to each risk documented in Table D.

Table H:  Risk Likelihood Ratings

Risk No. | Risk Summary | Risk Likelihood Evaluation | Risk Likelihood Rating
1   
2   
3   
4   
5   
6   
7   
8   
9   
10   
11   
12   
13   
14   
15   
16   
17   
18   
19   
20   
21   
22   
23   
24   
25   

6    IMPACT ANALYSIS

  Table I documents the ratings used to evaluate the impact of risks.

Table I: Risk Impact Rating Definitions

Magnitude of Impact | Impact Definition
High | Occurrence of the risk: (1) may result in human death or serious injury; (2) may result in the loss of major COV tangible assets, resources or sensitive data; or (3) may significantly harm, or impede the COV’s mission, reputation or interest.
Moderate | Occurrence of the risk: (1) may result in human injury; (2) may result in the costly loss of COV tangible assets or resources; or (3) may violate, harm, or impede the COV’s mission, reputation or interest.
Low | Occurrence of the risk: (1) may result in the loss of some tangible COV assets or resources or (2) may noticeably affect the COV’s mission, reputation or interest.

Table J documents the results of the impact analysis, including the estimated impact for each risk identified in Table D and the impact rating assigned to the risk.

Table J:  Risk Impact Analysis

Risk No. | Risk Summary | Risk Impact | Risk Impact Rating
1   
2   
3   
4   
5   
6   
7   
8   
9   
10   
11   
12   
13   
14   
15   
16   
17   
18   
19   
20   
21   
22   
23   
24   
25   

Description of process used in determining impact ratings:

7    RISK DETERMINATION

Table K documents the criteria used in determining overall risk ratings.

Table K:  Overall Risk Rating Matrix

Risk Likelihood | Risk Impact: Low (10) | Risk Impact: Moderate (50) | Risk Impact: High (100)
High (1.0) | Low: 10 x 1.0 = 10 | Moderate: 50 x 1.0 = 50 | High: 100 x 1.0 = 100
Moderate (0.5) | Low: 10 x 0.5 = 5 | Moderate: 50 x 0.5 = 25 | Moderate: 100 x 0.5 = 50
Low (0.1) | Low: 10 x 0.1 = 1 | Low: 50 x 0.1 = 5 | Low: 100 x 0.1 = 10

Risk Scale: Low (1 to 10); Moderate (>10 to 50); High (>50 to 100)

Table L assigns an overall risk rating, as defined in Table K, to each of the risks documented in Table D.

Table L:  Overall Risk Ratings Table

Risk No. | Risk Summary | Risk Likelihood Rating | Risk Impact Rating | Overall Risk Rating
1    
2    
3    
4    
5    
6    
7    
8    
9    
10    
11    
12    
13    
14    
15    
16    
17    
18    
19    
20    
21    
22    
23    
24    
25    

Description of process used in determining overall risk ratings:

8    RECOMMENDATIONS

Table M documents recommendations for the risks identified in Table D.

Table M:  Recommendations

Risk No. | Risk | Risk Rating | Recommendations
1   
2   
3   
4   
5   
6   
7   
8   
9   
10   
11   
12   
13   
14   
15   
16   
17   
18   
19   
20   
21   
22   
23   
24   
25   

9    RESULTS DOCUMENTATION

Exhibit  1:  Risk Assessment Matrix

Risk No. | Vulnerability | Threat | Risk | Risk Summary | Risk Likelihood Rating | Risk Impact Rating | Overall Risk Rating | Analysis of Relevant Controls and Other Factors | Recommendations
1         
2         
3         
4         
5         
6         
7         
8         
9         
10         
11         
12         
13         
14         
15         
16         
17         
18         
19         
20         
21         
22         
23         
24         
25         