
Risk Report Test Case

A global bank wants to use a third-party supplier service to move enormous volumes of supplier contract
data and historic financial data from on-premises to a multi-tenant cloud. The objective is to enable the
Supply Chain Management (SCM) function to perform analysis on the data for business decisions.
This service has a UI for SCM staff members to log in and upload or download
files. The service also integrates with other applications within other sub-business units
located in different regions/data centers.
- Identify a minimum of 5 potential risks and the consequences if an incident happens.
- Identify the IT assets in the scenario that are vulnerable to attack.
- Who are the threat actors, and by what means can they exploit the above vulnerabilities?
- What controls in line with ISO 27001 or NIST 800-53 would you recommend to mitigate the
above risks?

Please fill in the report as per the format below:


Risk Assessment Report

Prepared By: Dhawan, Atul


Table of Contents
1 OVERVIEW
2 EXECUTIVE SUMMARY
3 RISK ASSESSMENT
1 OVERVIEW
Please summarize your risk assessment outcome: the gaps and risks identified, and the mitigation plan and
controls you would suggest. What would be your risk strategy?

The Confidentiality, Integrity, and Availability (CIA) rating was assessed as below; please provide
justification:

Overall Rating:
Confidentiality:
Integrity:
Availability:
Visibility:
2 EXECUTIVE SUMMARY
Please give a detailed summary of the risk assessment, including the methodologies you used to identify
potential risks.

What were the areas of concern noted in the risk assessment that could result in impact to the company?

You can highlight:


Access management.
Data management
Data classification
Incident handling
Data transmission
Asset maintenance
The technical architecture security

What are your mitigation plans, strategy, and controls?


Effective incident management program.
SOC 2 Type II
Remediation.

The risk assessment and recommendations should be limited to the scope and based only on the information
provided.
3 RISK ASSESSMENT
1. Risk Statement:
Please prepare a risk statement

Risk Description:
Please describe the risk

Mitigating Controls:
Suggest your mitigation plan

Recommended Mitigation Strategies:


Please explain your strategy
2. Risk Statement:
Please prepare a risk statement

Risk Description:
Please describe the risk

Mitigating Controls:
Suggest your mitigation plan

Recommended Mitigation Strategies:


Please explain your strategy
3. Risk Statement:
Please prepare a risk statement

Risk Description:
Please describe the risk

Mitigating Controls:
Suggest your mitigation plan

Recommended Mitigation Strategies:


Please explain your strategy
4. Risk Statement:
Please prepare a risk statement

Risk Description:
Please describe the risk

Mitigating Controls:
Suggest your mitigation plan

Recommended Mitigation Strategies:


Please explain your strategy
5. Risk Statement:
Please prepare a risk statement

Risk Description:
Please describe the risk

Mitigating Controls:
Suggest your mitigation plan

Recommended Mitigation Strategies:


Please explain your strategy
