Information Security Risk Assessment Questionnaire

This questionnaire is designed to assist with reviewing and documenting the risk profile of your organization’s information processing activities. It contains ten sections, as per ISO/IEC 27002:2005. The major focus areas include: security policy, asset management, human resources security, physical and environmental security, communication and operational management, business continuity management, and compliance.

Sample questions include: Does an information security policy and a security strategy exist? Describe the lifecycle process of information security policies at your organization. Were appropriate parties involved in the development of policies? How is the security policy communicated?

Topics: Risk Assessment, IT Infrastructure, Segregation of Duties, Governance Risk & Compliance, IT Security, IT Risk

Create Account

Free 30 Day Trial

Single Subscription

Group Free 30 Day Trial

Group Subscription

Already have an account? Login

See subscription details and pricing.

Related Resources

Information Security Work Program

Information Security Development Policy

Information Security Overview Policy

Security Assessment Report

View All KnowledgeLeader Risk and Control Matrices (RCMs)