Requestor: Mr the Plague (eugene@boatflipper.net)
Created Date: D/M/Y or M/D/Y
Last Updated: D/M/Y or M/D/Y
Tickets: e.g. SECURITY-31337
Risk Severity: Critical
Risk Owner: Hal (hal@boatflipper.net)
~4 sentences describing the security risk and its impact on the company/customers/employees.
What are the reasons? Due to shortage of staff/funding? Architecture limitations?
This section should be filled out by the risk owner, and verified by the security team.
Pros of accepting this exception
- Fill in
Cons of accepting this exception
- Fill in
This section should contain:
- All technical details
- Solutions explored
- Mitigating controls
Details of the fix and timing, or business case for why the risk should be accepted.
This should provide a remediation plan when an issue is delayed rather than accepted. It demonstrates that key stakeholders have identified the solution and established a plan.
| Date | Name | Role | Involvement | Status |
|---|---|---|---|---|
| 12/31/1999 | Margo | CEO | Risk Approver | Under review |
| 12/31/1999 | Hal | IT Administrator | Risk Owner | Approved |
| 12/30/1999 | Mr the Plague | CISO | Security Leader | Acknowledged accuracy and recommendations |

| Name | Role | Involvement |
|---|---|---|
| Mr the Plague | Infosec leader | Security Leader |
| Hal | IT Administrator | Subject matter expert |
| Dade | "Pentester" | His mom bought him a "puter for christmas" |
- Policies the exception would violate
- Compliance certifications this exception may impact
- Tickets and documents and notes related to the issue
Template version 1.0 copied from Sectemplates.com 2024