IT Security Risk Assessment Checklist Essay

State of California Department of Finance
Information Technology Security Risk Assessment Checklist
A Tool to Assist with Risk Analysis
March 2006

Introduction

SAM Section 4841.1 requires that departments do periodic risk analyses, and SAM Section 4845 requires an annual risk management certification, signed by the department director. You may use the attached checklist for part of your risk analysis or for other purposes in your risk management program. The checklist is not intended to cover all of the steps that you need for your annual certification, but provides a high-level look at security practices. The checklist topics are arranged to correspond with the categories listed in SAM Section 4842.2, Risk Management Program.

To develop the checklist, a workgroup of volunteer ISOs from state departments reviewed National Institute of Standards and Technology (NIST) documents and adapted some checklist items that seem especially relevant to risk assessment in this state. This is not a required assessment, but is available for you to use as a part of your department's periodic risk analysis or possibly for a targeted review of security practices in specific areas.

If you have "no" responses when completing the checklist, you should identify risk levels associated with each individual "no" (Does it apply to your department? Is it a threat to information integrity or IT security? How likely is this to pose a problem for your department or for the state?). Then make appropriate plans for follow-up. In some cases you will want to rank follow-up actions based on urgency or potential for loss; in some cases you may find that risk can be (or already is) managed in another way.
