Risk Assessment Report Outline

  • System description
    • System name
    • System identifier
    • System description
    • Classification level
    • Risk categorization of system, such as low, medium or high
    • System location
    • System connections or interconnections
    • Purpose and function of system
  • Risk assessment scope
    • Assumptions, constraints and timeframe
      • Range of threats
  • Purpose of assessment
    • Origin of assessment
    • Initial or subsequent assessment
  • Risk assessment approach
    • Guidelines
    • Threat sources
      • Individuals or organizations
      • Structural
        • Equipment, environment or software
      • Environmental
        • Natural, man-made, or infrastructure failure or outage
    • Assessment scale
      • Likelihood of occurrence
      • Impact
      • Level of risk
  • Risk assessment results
    • Threat event
    • Vulnerabilities
    • Mitigating factors
    • Likelihood
    • Impact
    • Risk