An Introduction To
Information, Network and Internet Security
Appendix C - A Sample Risk Register
|
Contents |
Description |
|
Risk name |
Name of the risk |
|
Scope of the risk |
Description of the risk, with details |
|
Nature of the risk (risk Type) |
What sector the risk fits into according to business definitions (e.g. Operational, Strategic, Finance, IT, Compliance etc) |
|
Stakeholders |
Who are the stakeholders affected and to what degree |
|
Owner |
Who owns the risk |
|
Risk Impact |
What is the impact of the risk |
|
Probability of occurrence |
What is the probability of the event occurring |
|
Risk level |
What is the risk level (a function of the impact and probability) |
|
Risk Treatment |
What measures are in place to address the risk |
|
Residual Risk Impact |
What is the residual impact of the risk |
|
Residual Probability of occurrence |
What is the residual probability of the event occurring |
|
Residual Risk level |
What is the residual risk level (a function of the impact and probability) |
|
Risk level accepted |
Yes or no |
|
Accepted by |
Name of individual accepting the residual risk level |
|
Action to be taken |
Any action to be taken |
|
Date identified |
Date identified |
|
Date added to Register |
Date added to Register |
|
Due by |
By what date |
|
Review date |
Date of review of the risk |
|
Date closed |
Date risk entry close |
|
Close by |
Who authorised the closing of the risk |
The Security Practitioner
An Introduction to Information Security
