Consequence Criteria: the impact that risk events could have on assets. Users define risk impact statements and ratings.
Likelihood Criteria: the probability that a risk event will occur despite existing controls (and corresponding levels of susceptibility/vulnerability to assessed Threat Actors/Hazards). Users define risk likelihood statements and ratings within the table provided.
Risk Tolerance: Allows users to indicate a level of risk that the organisation is willing to accept (subject to any stated conditions). Risk rating values and associated colours are defined here for the Risk Matrix below.
Risk Matrix: Allows users to select values for each cell of the matrix based on previously defined Consequence and Likelihood criteria. Note: risk rating values/colours will only appear within the Risk Matrix once the Risk Tolerance table has been populated.