Please enable javascript to view this page in its intended format.

Queen's University
 

Information Security Risk Assessment and Tool

The Queen's Risk Assessment Tool has been developed by Queen's Information Systems Security Office to facilitate conducting risk assessments by the Queen's community. This procedure provides information that will be useful in completing the risk assessment and includes sample asset descriptions, threats, vulnerabilities and safeguards that should be considered during a risk assessment exercise. 

  1. Long Form - Designed to be used for:
    • Large and medium sized projects
    • Large IT deployments such as new storage systems and new networks
    • All other types of large IT and information changes and many other risk assessment needs.
    The long form tool is Excel based and leverages Excel's lookup table capability to make entering the required information faster and more consistent. The tool has been organized into tabs that correspond to the relevant step in the threat and risk assessment process. Information is automatically linked between these tabs to reduce the requirement to re-enter information for each subsequent step of the analysis.

  2. Short Form - Designed to be used for:
    • Small IT projects such as new software application development, upgrades, hardware  or database changes, etc.
    • All other types of small IT and information changes and many other risk assessment needs.
    The short form tool is Excel based and is designed to fit an entire risk assessment on a single page. It should be used for less complex IT systems and for summary purposes.

Resources

Download templates (NetID login required)

Questions?

If you have any questions regarding the use of the tool, inquiries can be directed to the Information Systems Security Office.

 

Kingston, Ontario, Canada. K7L 3N6. 613.533.2000