
Threat: Inappropriate EOI
Threat Source: The level of EOI documentation or the EOI process may be inappropriate in comparison with the risk of applications and transactions that can be performed using the Certificate.
Risk Likelihood: Dependant on the nature of the application or specific high-risk transactions.
Risk Impact:
Risk Rating:
Risk Management Measure:
- Risk rating process -
  - This involves pre-determining the risk of particular categories of applicants and requiring EOI documentation or processes that are appropriate to that risk.
  - This can sometimes be a mix of risk rating tools rather than a single risk rating process.

Accidental submission

Threat: Accidental submission
Threat Source: Accidental submission of inaccurate identification documents and information by the applicant may be a threat in some circumstances.
Risk Likelihood: Reduced for face to face submission.
Risk Impact: Often only results in inconvenience or need for re-entry – low risk of fraud. Somewhat dependant on the nature of the application or specific high-risk transactions.
Risk Rating:
Risk Management Measure:
- Risk rating process
- Duplication checks (checking for duplicate names, numbers, photos or other entries).
- Matching to internal or external data sets.
- Random sample checking.

Deliberate submission

Threat: Deliberate submission
Threat Source: Deliberate submission of fraudulent identification documents and information.
Risk Likelihood: Dependant on the nature of the application or specific high-risk transactions.
Risk Impact: Likely to be high as the intention is to commit fraud. Dependant on the nature of the application or specific high-risk transactions.
Risk Rating:
Risk Management Measure:
- Risk rating process
- Duplication checks (checking for duplicate names, numbers, photos or other entries).
- Matching to internal or external data sets.
- Random sample checking.

Failure of proper checks

Threat: Failure of proper checks
Threat Source: Staff may accidentally fail to perform proper checks resulting in acceptance of inaccurate identification documents and information. Staff may not be appropriately trained to recognise submitted false or inaccurate EOI documents.
Risk Likelihood: Can be higher for new deployments.
Risk Impact: Likely to be high as a possible intention is fraud. Somewhat dependant on the nature of the application or specific high-risk transactions.
Risk Rating:
Risk Management Measure:
- Staff training.
- Documentation of processes.
- Duplication checks (checking for duplicate names, numbers, photos or other entries).
- Matching to internal or external data sets.
- Random sample checking by a person other than the staff member who initially performed the checks.
- Secondary checks (e.g. for new staff or staff assigned to new roles).

4.5.5 Staff collusion

Threat: Staff collusion
Threat Source: Staff may deliberately collude with the applicant resulting in the acceptance of false EOI documents.
Risk Likelihood: Somewhat dependant on the nature of the application or specific high-risk transactions.
Risk Impact: Somewhat dependant on the nature of the application or specific high-risk transactions. Note: Impact can be very broad due to reputation damage if staff collusion is revealed.
Risk Rating:
Risk Management Measure:
- Vetted operations staff.
- Strict HR policies.
- Transaction logging.
- Secondary checks.
- Random sample checking by a person other than the staff member who initially performed the checks.

User and Relying Party Business Procedures

Threat: Adequacy of Subscriber and Relying Party Business Processes.
Threat Source: Security practices of the Subscriber and Relying Party may leave Certificates accessible by other staff members. Staff members and management may informally allow the sharing of Certificates.
Risk Likelihood: Somewhat depends on the Organisation’s security culture and other variables such as size, number of staff involved etc. In general the likelihood is expected to be high.
Risk Impact: Somewhat dependant on the nature of the application or specific high-risk Transactions. However, it will invalidate, the Certificates once uncovered and reduces assurance that can be had for non-repudiation purposes.
Risk Rating:
Risk Management Measure:
- Specific clauses within policy statements and Subscriber agreements.
- Continuing education.
- Best practice/benchmarking.
- Audit checks by the Subscriber and Relying Party.
