Submitted by: dandgcole
Category: Business and Industry
Date Submitted: 09/13/2012 05:47 PM
1 INTRODUCTION
The purpose of this risk assessment is to determine whether the controls surrounding credit card processing within the corporation are meeting management’s expectations.
• The participants and their roles in the risk assessment in relation to their assigned responsibilities at the corporation;
• The techniques used to gather the necessary information (e.g., the use of tools, questionnaires); and
• The risk classifications used, with risks classified as High, Moderate or Low in accordance with the definitions in the Standard.
This risk assessment builds upon earlier risk assessments performed by the staff. In addition, an IT Security Audit conducted by Fidder’s Fine Merchandise Internal Audit Services staff on January 24, 2009 was utilized. This risk assessment was performed in accordance with a methodology described in ITRM Guideline, and utilized interviews and questionnaires developed by Fidder’s Fine Merchandise staff to identify the following at Fidder’s Fine Merchandise:
• Vulnerabilities;
• Threats;
• Risks;
• Risk Likelihoods; and
• Risk Impacts.
Participants and their roles in this risk assessment included the following:
• Mike Vail, Fidder’s Fine Merchandise Information Security Officer, and Frank Tran, Audit Director
High: The loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.
Moderate: The loss of confidentiality, integrity, or availability could be expected to have a serious adverse effect on organizational operations, organizational assets, or individuals.
Low: The loss of confidentiality, integrity, or availability could be expected to have a limited adverse effect on organizational operations, organizational assets, or individuals.
2 IT SYSTEM CHARACTERIZATION
IT system characterization defines the scope of the risk assessment effort. Used the previously developed IT System...