The original version of this spreadsheet was kindly provided to the ISO27k Implementers' Forum by Bala Ramanan to dem
security risks. Subsequently, Bala kindly agreed to donate it to the ISO27k Toolkit. Apart from minor updates and reformatting
Contents
The FMEA Sample tab has the actual illustration - an analysis of possible failure modes for a firewall.
The Guidelines provide additional notes on the FMEA method, including a step-by-step process outline.
The Severity, Probability and Detectability tabs have tables demonstrating scales commonly used to rank risks by these criteria
Copyright
This work is copyright 2008, ISO27k Forum, some rights reserved. It is licensed under the Creative Commons Attribution-N
circulate, use and create derivative works from this provided that (a) it is not sold or incorporated into a commercial produ
www.ISO27001security.com, and (c) derivative works are shared under the same terms as this.
Disclaimer
Risk analysis is more art than science. Don't be fooled by the numbers and formulae: the results are heavily influenced by th
information assets and on the framing of risks being considered. For these reasons, the process is best conducted by a team
and managing information security risks, and (b) the organization, its internal and external situation with respect to informat
impossible to guarantee that all risks have been considered and analyzed correctly. Some very experienced practitioners in
some sympathy with that viewpoint.
The results of the analysis should certainly be reviewed by management (ideally including IT auditors, Legal, HR, other s
adjusted according to their experience, so long as the expert views are taken into consideration. Remember: just because
security risk does not necessarily mean that it can be discounted. Organizations with immature security management proce
are not even recognized, due to inadequate incident detection and reporting processes.
Important notes:
Now identify the effect if the identified failure mode happens, i.e. if the identified failure mode happens what will be the effec
Now refer to the severity chart and choose the number relevant to the effect of the failure mode.
Now identify the cause for the failure mode. Please note that each failure mode can have more than one cause.
Now refer to the probability chart and choose the number most relevant to the frequency of the cause happening.
Now list the current controls. Kindly categorize the controls as preventive and detective controls. Write each control in se
Now refer to the detectability chart and choose a number relevant to the effectiveness of the controls.
You can now see the Risk Priority Number calculated for a failure mode of the respective asset function.
Now if the RPN is not under the acceptable value then the risk status shows "HIGH RISK", recommendation to mitigate each o
down. Kindly list each control in separate rows.
Now identify who will implement the recommended control and by what target date the recommended control would be implem
Now if the RPN is under the acceptable value then the risk status shows "LOW RISK". Else it displays as HIGH RISK. If it is H
repeated from step 1.
Refer to the Probability Chart
Refer to the Detectability Chart
New RPN is calculated. Compare it with the acceptable norms and if it is not satisfactory then repeat the same process.
If the organization is well controlled with relatively few HIGH RISK items, the 5% value may be extended to, say 15% to addres
Alternatively, if there are simply too many HIGH RISK items to tackle at once, they may be addressed in top-down sequence a
The prioritized list of risks provides management with a rational basis for determining how much resource to apply to risk reduc
down the list if more resources are allocated, and vice versa.
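An added worked example (not part of the ISO27k toolkit spreadsheet) that implements the RPN calculation, the HIGH RISK / LOW RISK status and the top-down prioritization described above in Python. The acceptable RPN value, the sample rows and their Severity / Probability / Detectability rankings are assumptions, chosen so the resulting RPNs match the 56, 30 and 64 printed in the sample.

```python
from dataclasses import dataclass

# Assumed acceptable RPN threshold; the sheet's own value is not visible in this extract.
ACCEPTABLE_RPN = 30


@dataclass
class FailureMode:
    asset: str
    function: str
    mode: str
    severity: int       # Severity chart, 1..10
    probability: int    # Probability chart, 1..10
    detectability: int  # Detectability chart, 1..10 (10 = controls cannot detect)


def check_rank(value: int) -> int:
    """Every chart ranks 1..10; anything else is a data-entry error, not a risk score."""
    if not 1 <= value <= 10:
        raise ValueError(f"ranking {value} outside 1..10")
    return value


def rpn(fm: FailureMode) -> int:
    """Risk Priority Number = Severity x Probability x Detectability."""
    return check_rank(fm.severity) * check_rank(fm.probability) * check_rank(fm.detectability)


def status(value: int, acceptable: int = ACCEPTABLE_RPN) -> str:
    """LOW RISK only when the RPN is under the acceptable value, HIGH RISK otherwise."""
    return "LOW RISK" if value < acceptable else "HIGH RISK"


def prioritize(modes, acceptable=ACCEPTABLE_RPN):
    """HIGH RISK items in top-down RPN order: the sequence in which to tackle them."""
    ranked = sorted(modes, key=rpn, reverse=True)
    return [(fm.mode, rpn(fm)) for fm in ranked if status(rpn(fm), acceptable) == "HIGH RISK"]


def reassess(fm, new_sev, new_prob, new_det, acceptable=ACCEPTABLE_RPN):
    """Re-rank after the recommended control is implemented; returns (New RPN, new status)."""
    new = FailureMode(fm.asset, fm.function, fm.mode, new_sev, new_prob, new_det)
    return rpn(new), status(rpn(new), acceptable)


# Constructed firewall rows; rankings chosen so the RPNs equal the 56 / 30 / 64 printed in the sample.
SAMPLE = [
    FailureMode("Firewall", "To block unauthorized requests", "Rules not appropriately configured (entry for external hackers)", 7, 4, 2),
    FailureMode("Firewall", "To block unauthorized requests", "Rules not appropriately configured (DDOS)", 10, 3, 1),
    FailureMode("Firewall", "To identify trusted zones by encryption", "Encryption level (56 bit or 128 bit) mismatch", 8, 2, 4),
]

if __name__ == "__main__":
    for mode, value in prioritize(SAMPLE):
        print(f"{value:>3}  {status(value)}  {mode}")
```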
FMEA Sample

Columns on the sheet: Sl.No.; Business / Service; Asset Name; Asset Number; Function; Potential Failure Mode(s); Potential Technical Effect(s) of Failure; Potential Business Consequence(s) of Failure; Sev; Potential Cause(s)/Mechanism(s) of Failure; Prob; Current Controls (Preventive Controls, Detective Controls); Det; RPN; Recommended Controls; Responsibility & Target Completion Date; Action Results (Implemented Controls, New Sev, New Occ, New Det, New RPN).

Entries recorded in the sample (every row concerns the same asset; the extraction did not preserve the row-by-row layout):
Business / Service: Protecting IT Assets
Asset Name / Asset Number: Firewall / 5000
Function: To block unauthorized requests; To identify trusted zones by encryption
Potential Failure Mode(s): Rules not appropriately configured; Encryption level (56 bit or 128 bit) mismatch; Authentication mechanism using legacy systems having improper configuration
Potential Technical Effect(s) of Failure: IP Spoofing; Entry for External Hackers; DDOS Attack; Data will be exposed as plain text; Data Theft; CIA Compromised
Potential Business Consequence(s) of Failure: Diversion of sensitive data traffic, fraud; Disclosure or modification of business records, prosecution, bad PR, customer defection (Sev 7); Inability to process electronic transactions, bad PR, customer defection (Sev 10); Disclosure of customer database, commercial and privacy issues; Commercial and privacy consequences; Staff unable to work, backlogs, bad PR
Potential Cause(s)/Mechanism(s) of Failure: Procedures not followed; Procedures not available
Current Controls, Preventive: Procedures available; Policies Defined; Nil
Current Controls, Detective: Log Monitoring; User awareness
RPN and New RPN figures printed on the sheet: 56, 40, 30, 64, 30, 20, 15, 28, 14
Recommended Controls: Increase audit frequency; Not Required; Business owner to formally accept risk
Responsibility & Target Completion Date: XYZ by end March 2006
Implemented Controls: User Awareness
Severity

Effect          SEVERITY of Effect   Ranking
Catastrophic                         10
Extreme                              9
Very High                            8
High                                 7
Moderate                             6
Low                                  5
Very Low                             4
Minor                                3
Very Minor                           2
None            No effect            1
Probability

PROBABILITY of Failure                     Failure rate       Ranking
Very High: Failure is almost inevitable                       10
                                           1 in 3             9
                                           1 in 8             8
                                           1 in 20            7
                                           1 in 80            6
                                           1 in 400           5
                                           1 in 2,000         4
                                           1 in 15,000        3
                                           1 in 150,000       2
                                           <1 in 1,500,000    1
Detectability

Detection             Likelihood of DETECTION                                                                          Ranking
Absolute Uncertainty  Control cannot prevent / detect potential cause/mechanism and subsequent failure mode             10
Very Remote           Very remote chance the control will prevent / detect potential cause/mechanism and subsequent failure mode   9
Remote                Remote chance the control will prevent / detect potential cause/mechanism and subsequent failure mode        8
Very Low              Very low chance the control will prevent / detect potential cause/mechanism and subsequent failure mode      7
Low                   Low chance the control will prevent / detect potential cause/mechanism and subsequent failure mode           6
Moderate              Moderate chance the control will prevent / detect potential cause/mechanism and subsequent failure mode      5
Moderately High       Moderately high chance the control will prevent / detect potential cause/mechanism and subsequent failure mode   4
High                  High chance the control will prevent / detect potential cause/mechanism and subsequent failure mode          3
Very High             Very high chance the control will prevent / detect potential cause/mechanism and subsequent failure mode     2
Almost Certain        Control will prevent / detect potential cause/mechanism and subsequent failure mode                          1