Risk Matrix Form for OPC-A infoman 00386554

  • 格式:xls
  • 大小:112.00 KB
  • 文档页数:1

Version 1.0
Weighted Score
Internet banking (outage period - unable to log-in) for individuals for corporates Phonebanking (% network failure) Others (Please state) Business Units Operations Continuity of business-as-usual WAN (% of users) state Murex (% of users) Network - LAN (% of users) Others (Please state) Key Change Management Risk Indicators Installation Complexity, time period for completion Lengthy, highly complex May require singnificant scheduled downtime (> 8 hours) Not too complex and Normal, repetitive well understood Minimal scheduled Scheduled dowmtime downtime (<2) normal (2< but < 8) >= 50 >= 50 >= 50 >=10 >=10 >=10 <10 <10 <10 3 3 9 between 7 am to 1 pm between 7 am to 12 am 80 to 100 between 1 pm to 7 am between 12 am to 7 am 50 to< 80 slowness in logins slowness in logins > 25 but < 50 15
Page 1
Appendix 1
Instruction : a) Fill in the Gross Score of 1 (High Risk), 2 (Medium Risk) or 3 (Low Risk) for each item b) Each item is mandatory. For items that are not applicable, this is rated a "3" (Low Risk) c) For score < 2, it is mandatory to fill in Risk Treatment Details d) Translate Average Weighted Score (ie. Risk Score) to the Category 1, 2 or 3 accordingly in Change Request Form /ChangeMan/ Infoman where the Risk Score 1.00 -1.65 = Cat 1, 1.66 - 2.30 = Cat 2, 2.30 - 3.00 = Cat 3 Change Request No : Infoman 00386554 (Applicable to ChangeMan and Infoman only)
Risk Impact Assessment for Change Process
Risk Exposures (examples) High Description Business Impact Customer Service Availibility of distribution channels ie; ATMs, branch operations, internet banking, etc. ATMs (%) Teller at branches (numbers) Call center (%) 100 > 10 50 to 100 50 to < 100 > 5 but < 10 > 25 but < 50 10 to < 50 <5 < 25 3 5 Examples 1 Medium 2 Low 3 Gross Score Weightage
3
1
3
Interfaces
Number of interfaced systems or applications affected
3
1 13
3 3.000
WEIGHTED AVERAGE SCOHale Waihona Puke ERisk Treatment
Preventive Measures Long Term: Short Term: Detective Measures Long Term: Short Term: Damage Control Measures Long Term: Short Term:
Easy 3 Little or none 3 1 3 1 3
Documentation and user training Security
Effect on systems security, systems infrastructure and firewall rules
Minor, need for Little or none follow-up to ensure security parameters are not compromised 5 to 9 <5
3
1
3
Backout plans
Availability and ease of implementation Extent and requirements
Difficult or impossible Not too difficult and to execute have been implemented before Considerable, requiring extensive training for users Major, rendering security breaches requiring full assessment of security parameters >10 Minimal