Risk Criteria and Matrix
Risk Criteria Elements
- Consequence Criteria: the impact that risk events could have on asssets. Users define risk impact statements and ratings (top row).
- Likelihood Criteria: the probability that a risk event will occur with regard to existing controls (and corresponding levels of susceptibility to assessed Threat Actors). Users define risk likelihood statements and ratings (left column).
- Risk Tolerance: Allows users to indicate a level of current risk that the organisation is willing to aceept. Risk rating values and associated colours are defined here for the Risk Matrix below.
- Risk Matrix: Allows users to select values for each cell of the matrix based on previously defined Consequence and Likelihood criteria. Note: risk rating values will only appear within the Risk Matrix once Risk Tolerance levels have been defined.