Create New Risk
Create New Risk
Before adding a risk, you can use the search functionality on the right part of the screen in the "Risks" workbook to see if this risk (or a similar one) has already been added.
To add new risk, simply press the button named Create New Risk and fill out the form.
Risk form
This is where you assess of the level of current risk, taking into account any controls already in place to address it. Mandatory fields will be highlighted in red if not filled out.
Risk form consists of:
- Title - Make a short description of the risk.
- Description - What may happen if the asset's vulnerabilities are exploited? What are the vulnerabilities?
- Type - What kind of effect will the risk have? Will it affect the strategy, operations, etc?
- Category - The logical group of assets that are under consideration.
- Owner - Name of the person responsible for the risk.
- Likelihood - Select a score from 1-5, 1 being low, 5 being high.
- Likelihood rationale - Brief explanation of why the likelihood score was assigned.
- Impact type - What will be affected if the risk occurs?
- Impact - Select a score from 1-5, 1 being low, 5 being high.
- Impact rationale - Brief explanation of why the impact score was assigned.
- Risk response - Is the risk acceptable, or does it need to be lowered?
- Currency and estimated risk effect - Add an estimated monetary risk effect, if applicable.
- Control reference - Are there existing controls in place that affects the risk? E.g. firewalls for IT risks.