Cyber Security Risk Assessment Checklist

Use this Cyber Security Risk Assessment Checklist to identify, evaluate and counter cyber threats, following the NIST Cybersecurity Framework.

Identify Threats And Vulnerabilities

1. Have potential threats to critical assets (e.g., malware, insider threats, natural disasters) been identified?

2. Have vulnerabilities within systems and processes that could be exploited by threats been assessed?

Assess Current Controls

1. Have existing cybersecurity controls and safeguards in place been evaluated?

2. Has the effectiveness of controls in mitigating identified risks been determined?

Identify Gaps

1. Has a comparison of current controls against the NIST CSF categories and subcategories been made?

2. Have gaps where controls are insufficient or missing been identified?

Risk Measurement

1. Have the likelihood and impact of identified risks been determined?

2. Have qualitative and/or quantitative methods been used to assess risk levels?

Prioritize Risks

1. Have risks been prioritized based on their potential impact and likelihood?

2. Have the organization’s risk appetite and tolerance been considered?

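The Risk Measurement and Prioritize Risks items above describe one procedure: score each risk's likelihood and impact, add a quantitative estimate where one exists, rank the results, and compare them with the organization's stated tolerance. The following Python is an added example and is not part of the GoAudits checklist; the 5-point scales, the rating bands, the tolerance thresholds, the NIST CSF subcategory mapping and the sample risk register are all constructed assumptions to be replaced with the organization's own.

```python
"""Score, rate and prioritize a small risk register (constructed example)."""
from dataclasses import dataclass
# Qualitative 5-point scales (assumed; adapt to the organization's own).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

@dataclass
class Risk:
    name: str
    subcategory: str   # NIST CSF subcategory the gap maps to (assumed labels)
    likelihood: str
    impact: str
    sle: float = 0.0   # single loss expectancy, if a quantitative estimate exists
    aro: float = 0.0   # annualized rate of occurrence

def qualitative_score(risk: Risk) -> int:
    """Likelihood x impact on the 5x5 matrix, range 1..25."""
    return LIKELIHOOD[risk.likelihood] * IMPACT[risk.impact]

def annualized_loss_expectancy(risk: Risk) -> float:
    """ALE = SLE x ARO; zero when no quantitative estimate was made."""
    return risk.sle * risk.aro

def rating(score: int) -> str:
    """Map a matrix score to a qualitative band (band thresholds assumed)."""
    return "high" if score >= 15 else "medium" if score >= 8 else "low"

def prioritize(risks, tolerance_score: int = 8, tolerance_ale: float = 50_000.0):
    """Rank risks highest first; flag any whose score or ALE exceeds the
    stated tolerance for treatment, and leave the rest to accept and monitor."""
    rows = []
    for r in risks:
        score, ale = qualitative_score(r), annualized_loss_expectancy(r)
        rows.append({"name": r.name, "subcategory": r.subcategory, "score": score,
                     "rating": rating(score), "ale": ale,
                     "treat": score > tolerance_score or ale > tolerance_ale})
    return sorted(rows, key=lambda row: (row["score"], row["ale"]), reverse=True)

# Constructed sample register; all values are illustrative only.
SAMPLE_RISKS = [
    Risk("Ransomware via phishing", "PR.AT-1", "likely", "severe", 200_000, 0.5),
    Risk("Datacenter flood", "PR.IP-9", "rare", "severe", 500_000, 0.02),
    Risk("Insider data exfiltration", "PR.DS-5", "possible", "major", 80_000, 0.25),
    Risk("Unpatched test server", "ID.RA-1", "possible", "minor"),
]

if __name__ == "__main__":
    for row in prioritize(SAMPLE_RISKS):
        print(f"{row['rating']:<6} {row['score']:>2} ALE={row['ale']:>9,.0f} treat={row['treat']} {row['name']}")
```

Note that a low-likelihood, high-impact item (the flood) ranks below a medium insider risk on the matrix alone, which is why the quantitative ALE check is applied alongside it before a risk is accepted.
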
Develop Risk Treatment Plans

1. Have strategies to mitigate or manage identified risks been developed?

2. Have responsibilities and timelines for implementing risk treatment plans been assigned?

Implement Controls

1. Have additional controls or enhancements to existing controls been implemented as per the risk treatment plans?

Monitor And Review

1. Have mechanisms for ongoing monitoring of implemented controls been established?

2. Is there a process to regularly review and update risk assessments based on changes in the threat landscape or organizational environment?

Communicate And Report

1. Have assessment findings, risk treatment plans, and progress been communicated to stakeholders?

2. Have reports documenting assessment results, including identified risks, control gaps, and mitigation strategies, been generated?

Continuous Improvement

1. Is there a process in place to continuously improve the organization’s cybersecurity posture based on lessons learned from the assessment process?

2. Is feedback incorporated and the risk management approach adapted as needed?

Compliance And Documentation

1. Has compliance with regulatory requirements and internal policies been ensured?

2. Has thorough documentation of the risk assessment process, findings, and actions taken been maintained?

Assessment Scope

1. Are the systems, assets, and processes to be assessed identified?

2. Have the boundaries and limitations of the assessment been determined?

Assessment Team

1. Has a team with expertise in cybersecurity, risk management, and relevant domains been assembled?

2. Have roles and responsibilities been assigned within the team?

Understand The NIST CSF

1. Has the team been familiarized with the NIST Cybersecurity Framework and its components (Functions, Categories, Subcategories, Informative References)?

Identify Critical Assets

1. Have critical assets and systems been identified and prioritized based on their importance to the organization’s mission and objectives?

Checklist by GoAudits.com – Please note that this checklist is intended as an example. We do not guarantee compliance with the laws applicable to your territory or industry. You should seek professional advice to determine how this checklist should be adapted to your workplace or jurisdiction.