Beau-Tie
Customer data breach · Acme Corp · Customer Platform
Tags: security, iso31000

Risk event: Loss of sensitive customer data

Causes:
- Phishing of staff credentials
- Unpatched software vulnerability

Cause-side controls (preventive and detective):
- Phishing awareness training: preventive control, existing, partially effective
- Email filtering: preventive control, existing, effective
- MFA rollout: preventive control, planned for 0–3 months
- Patch management process: preventive control, existing, partially effective
- Vulnerability scanning: detective control, existing, effective
- Automated patching pipeline: preventive control, planned for 3–6 months

Impacts:
- Regulatory fines and penalties
- Reputational damage

Impact-side controls (corrective and directive):
- Breach notification protocol: corrective control, existing, effective
- Privacy compliance program: directive control, existing, highly effective
- Crisis communications plan: corrective control, existing, partially effective
- Customer notification process: corrective control, existing, effective
- External PR retainer: corrective control, planned for 0–3 months

Risk ratings:
- Residual (R): likelihood L4 (Likely), consequence C4 (Major), rating Extreme
- Target (T): likelihood L2 (Unlikely), consequence C3 (Moderate), rating Moderate
- Appetite (A): disabled
Risk matrix (rows: likelihood L5 down to L1; columns: consequence C1 to C5). R marks the residual position (L4 × C4) and T the target position (L2 × C3).

      C1           C2           C3           C4           C5
L5    Moderate     High         High         Extreme      Extreme
L4    Moderate     Moderate     High         Extreme (R)  Extreme
L3    Low          Moderate     Moderate     High         Extreme
L2    Low          Low          Moderate (T) High         High
L1    Low          Low          Moderate     Moderate     High