Risk Criteria and Matrix
Risk Criteria Elements
- Consequence Criteria: the impact that risk events could have on assets. Users define risk impact statements and ratings.
- Likelihood Criteria: the probability that a risk event will occur despite existing controls (and corresponding levels of susceptibility/vulnerability to assessed Threat Actors). Users define risk likelihood statements and ratings within the table provided.
- Risk Tolerance: Allows users to indicate a level of risk that the organisation is willing to accept (subject to any stated conditions). Risk rating values and associated colours are defined here for the Risk Matrix below.
- Risk Matrix: Allows users to select values for each cell of the matrix based on previously defined Consequence and Likelihood criteria. Note: risk rating values/colours will only appear within the Risk Matrix once the Risk Tolerance table has been populated.