Information Security Risk Assessment and Tool
The Queen's Risk Assessment Tool has been developed by Queen's Information Systems Security Office to facilitate conducting risk assessments by the Queen's community. This procedure provides information that will be useful in completing the risk assessment and includes sample asset descriptions, threats, vulnerabilities and safeguards that should be considered during a risk assessment exercise.
- Long Form - Designed to be used for:
The long form tool is Excel based and leverages Excel's lookup table capability to make entering the required information faster and more consistent. The tool has been organized into tabs that correspond to the relevant step in the threat and risk assessment process. Information is automatically linked between these tabs to reduce the requirement to re-enter information for each subsequent step of the analysis.
- Large and medium sized projects
- Large IT deployments such as new storage systems and new networks
- All other types of large IT and information changes and many other risk assessment needs.
- Short Form - Designed to be used for:
The short form tool is Excel based and is designed to fit an entire risk assessment on a single page. It should be used for less complex IT systems and for summary purposes.
Small IT projects such as new software application development, upgrades, hardware or database changes, etc.
- All other types of small IT and information changes and many other risk assessment needs.
Download templates (NetID login required)