Allegro Worksheet V1 PDF

Preview

Summary

Allegro Worksheet RISK MEASUREMENT CRITERIA – REPUTATION AND CUSTOMER CONFIDENCEImpact Area Low Moderate HighReputationReputation is slightly affected. Ver easy to recover.Reputation is spoiled. Lot of money and time should be spent.Reputation is damaged very severely and cannot be restored.Customer...

Description

Allegro Worksheet Impact Area Reputation

Customer Loss

RISK MEASUREMENT CRITERIA – REPUTATION AND CUSTOMER CONFIDENCE Low

Moderate

High

Reputation is slightly affected. Ver easy to recover. Less than 15% loss in customers due to loss of confidence

Reputation is spoiled. Lot of money and time should be spent 15 to 55% loss in customers due to loss of confidence

Reputation is damaged very severely and cannot be restored. More than 50% loss in customers due to loss of confidence and publicity.

Allegro Worksheet Impact Area

RISK MEASUREMENT CRITERIA – FINANCIAL Low

Moderate

High

Operating Costs

25% increase in yearly operating costs

Yearly operating costs increase by 25 to 50%.

Yearly operating costs increased more than 50%.

Revenue Loss

Less than 20% loss in revenue

Less than 50% loss in revenue

Greater than 50% yearly revenue loss

One-Time Financial Loss

One-time financial cost of less than $ 40,000

One-time financial cost of $ 40,000 to $ 200,000

One-time financial cost greater than $ 250,000

Allegro Worksheet Impact Area

Staff Hours

RISK MEASUREMENT CRITERIA – PRODUCTIVITY Low

Moderate

Human work hours are increased by less than 15% for 2 day(s).

Human work hours are increased between 15% and 40% for 5day(s).

Allegro Worksheet Impact Area

High Human work hours are increased by greater than 50% for 5 to 15day(s)

RISK MEASUREMENT CRITERIA – SAFETY AND HEALTH Low

Life

No damage to customers’ or staff members’ lives

Health

Minimal, immediately treatable degradation in customers’ or staff

Moderate Customers’ or staff members’ lives are at risk, but they will recover after recei ing medication Temporary or recoverable impairment of customers’ or staff members’ health

High Damage of customers’ or staff members’ lives Permanent impairment of significant aspects of customers’ or staff

Safety is questioned

Safety

Allegro Worksheet Impact Area

Safety is affected

Safety is violated

RISK MEASUREMENT CRITERIA – FINES AND LEGAL PENALTIES Low

Moderate

High

Fines

Fines less than 19% are levied.

Fines between 20% and 50% are levied.

Fines greater than 50% are levied.

Lawsuits

Non-frivolous lawsuit or lawsuits less than 10% are filed against the organization, or frivolous lawsuit(s) are filed against the organization.

Non-frivolous lawsuit or lawsuits between 20% and 40% are filed against the organization.

Non-frivolous lawsuit or lawsuits greater than 50% are filed against the organization.

Investigations

No queries from government or other organizations

Government or other investigative organization requests information or records (low profile).

Government or other investigative organization initiates a high-profile, in-depth investigation into organizational practices

Allegro Worksheet

IMPACT AREA PRIORITIZATION WORKSHEET

PRIORITY 5 4 3 2 1

IMPACT AREAS Productivity Financial Reputation and Customer Confidence Fines and Legal Penalties Safety and Health

Allegro Worksheet 8

CRITICAL INFORMATION ASSET PROFILE

(1) Critical Asset

(2) Rationale for Selection

(3) Description

Business Data

This asset is important to the organization because it stores all of the crucial data like permissions, access etc.

A data system used for storing info for long or short periods of time and keeping it organized.

(4) Owner(s) Organization “XYZ” (5) Security Requirements  Confidentiality

Only authorized personnel can view this information asset, as follows:

Security Manager, CEO, Security Admin

Only authorized personnel can modify this information asset, as follows:

Security Manager, CEO

 Integrity

This asset must be available for these personnel to do their jobs, as follows:

Security Manager, CEO. Security Admin, Users.

 Availability This asset must be available for 24 hours, 7 days/week, 365 days/year.

 Other

This asset has special regulatory compliance protection requirements, as follows:

HIPPA is needed in medical organization and PCI DSS for Bank Information.

(6) Most Important Security Requirement

 Confidentiality

 Integrity

 Availability

 Other

Allegro - Worksheet 10

INFORMATION ASSET RISK WORKSHEET

Information Asset

Active Directory

Area of Concern

Unauthorized disclosure of Financial and person data.

(1) Actor

Attacker or Competitor.

Who would exploit the area of concern or threat? (2) Means

Exploiting the Vulnerabilities.

Information Asset Risk

Threat

How would the actor do it? What would they do? (3) Motive

Trying to steal financial and personal information

What is the actor’s reason for doing it?

from the business or from other customers.

(4) Outcome

 Disclosure

 Destruction

What would be the resulting effect on the information asset?

 Modification

 Interruption

(5) Security Requirements

By getting Access to the ports in the Active

How would the information asset’s security requirements be breached?

Directory.

(6) Probability What is the likelihood that this threat scenario could occur?

✔ High

(7) Consequences What are the consequences to the organization or the information asset owner as a result of the outcome and breach of security requirements?

Moderate

Medium

Low

(8) Severity How severe are these consequences to the organization or asset owner by impact area? Impact Area

Value

Score

Reputation & Customer

5

20

Financial

3

15

Productivity

2

5

Safety & Health

1

5

Fines & Legal Penalties

4

20

User Defined Impact Area

N/A

N/A

Relative Risk Score

65...