Risk Assessment and Mitigation Tool PCI-DSS-FORM-12-4
Assessment Details Risk Assessment Title
[Short, descriptive title]
Risk Assessment Scope
[Describe the scope of the risk assessment e.g. location, process, assets] Context of Business Impact [Describe the general environment in which the analysis is Analysis carried out and internal and external factors affecting it] Risk Acceptance Criteria Version
[Set out the factors which will make a risk acceptable and therefore not require mitigation] [Start at Version 1]
Dated
[Date the assessment was carried out]
Risk Assessors
[Name and title of person(s) carrying out the risk assessment]
Risk Assessment Participants Approval
[Names and titles of people contributing to the risk assessment] [Name and title of approver]
Date Approved
[Date the assessment was approved]
Cardholder Data Environment Risk Assessment Workbook Start with the risks that are felt to have the highest likelihood and impact combination first RISK DESCRIPTION Ref Cardholder Data Vulnerability Threat Environment Asset 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
PRE-MITIGATION Risk Risk Description Owner
Note – not all columns are shown.
MITIGATION
Existing Likelihood Likelihood Impact controls rationale Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select…
Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select…
Impact Risk score rationale Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated
Risk level
Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated Calculated
Mitigation Proposed Mitigation option control cost chosen Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select… Select…
Examples of Threats The following is a standard list of typical threats that may be use as guidance for your risk assessment. THREAT CATEGORY
THREAT
EXAMPLE
Human
Malicious outsider
Someone launches a denial of service attack on your cloud service platform An employee or trusted third party accesses cardholder data in an unauthorised manner from inside your network One or more people with key skills or knowledge are unavailable perhaps due to extended sickness An employee accidentally deletes cardholder data A manager loses a memory stick with cardholder data on it
Malicious insider Loss of key personnel Human error Accidental loss Natural
Fire Flood Severe weather Earthquake Lightning
Technical
Hardware failure Software failure Virus/Malicious code
Physical
Sabotage Theft Arson
Environmental
Hazardous waste Power failure Gas supply failure
Operational
Process error
Crime scene
Your data centre burns down due to an electrical fault The nearby river breaks its banks and your main office is severely flooded Non-one can get into the office due to the weather The area of your main data centre is affected by an earth tremor that damages all your servers All your servers are fried by a lightning strike on the data centre building A key physical server has a processor failure Your financial system processes invoices incorrectly due to a bug A virus spreads throughout your network preventing access to your (and your customers') data A disgruntled ex-employee takes an axe to your server room You come in on Monday morning to find some important drives have been stolen Someone with a grudge against your organisation starts a fire during the night A lorry carrying hazardous waste has an accident outside your office The sub-station supplying your area has a meltdown There is a suspected leak and all supplies are turned off Your new data transfer procedure doesn't cater for unexpected circumstances and cardholder data is lost or sent to the wrong destination A crime happens in or near your office and the area is sealed off by police
Likelihood This table should be used to decide upon the most appropriate likelihood for a particular threat. LIKELIHOOD DESCRIPTION
SUMMARY
1
Improbable
2 3
Unlikely Likely
Has never happened before and there is no reason to think it is any more likely now There is a possibility that it could happen, but it probably won't On balance, the risk is more likely to happen than not
4
Very Likely
5
Almost certain
It would be a surprise if the risk did not occur either based on past frequency or current circumstances Either already happens regularly or there is some reason to believe it is virtually imminent
Impact This table should be used as guidance to help to decide upon the correct impact rating for a particular threat. IMPACT LEVEL
IMPACT AREAS
Impact General Impact on product or rating description service quality
Impact on financial viability
Impact on staff or public well-being
Damage to reputation
Impact of breaching legal or Environmental damage regulatory requirements
1
Negligible
No effect
Very little or none
No adverse comment
No implications
2
Slight
Some
Localised discontent
Small risk of not meeting compliance
3
Moderate
4
High
Some local disturbance to normal business operations Can still deliver product/service with some difficulty Business is crippled in key areas
Very small additional risk Within acceptable limits
5
Very High
Out of business; no service to customers
Negligible
Small, very local impact that can be managed and corrected Unwelcome but could Elevated risk requiring Some internal and In definite danger of Impact restricted be borne immediate attention external criticism operating illegally geographically and can be corrected quickly Severe effect on Significant danger to A severe test of Operating illegally in some Geographically wide impact income and/or profit life customer loyalty areas area with a degree of cleanup possible over time Crippling; the Real or strong potential Trust in organization is Severe fines and possible Catastrophic impact organisation will go out loss of life irreparably damaged imprisonment of staff affecting the environment of business badly over a wide area
Classification of Risk Level The chart below shows the rating scheme used to determine risk level based on a combination of likelihood and impact. RISK SCORE 5 HIGH 4
Risk Likelihood
MEDIUM
3
2 LOW 1
1
2
3
Risk Impact
4
5