Risk Register

Abriska generates a list of risk statements which express the top risks to the organisation. Each risk statement is generated in a generic format which can then be overwritten by the user. The following format is utilised:
Threat to Supporting Resource | Information Processing Facilities will affect the {C, I and A} of Information due to {maturity of Control(s)| Vulnerability}.
E.g.
A. Power failure to email system will affect the Availability of Customer Data due to a lack of 11.2.2 Supporting Utilities.
B. Theft by third parties to Reading Office will affect the Confidentiality of Client Folders due to a lack of 11.1.6 Delivery and loading areas.
C. Technical Failure of a Main Computer or its Storage Devices to AS400 will affect the Integrity and Availability of Client Data due to Legacy Hardware.

Each risk statement can be overwritten to provide a clearer statement, for example, Statement B above could be re-written as “Theft of client folders from the warehouse by delivery drivers due to insufficient segregation between incoming and outgoing post”.
Each risk statement has a risk score associated with it and is available within the online risk register. A risk owner and a risk treatment decision can be assigned from this page.
Output:
Risk Register – outputs each of the risk statements, the risk treatment decision and the owner. Each risk that is identified should be reviewed and undergo treatment by applying one of the following:

  • Reduce – Apply the recommendation and improve the appropriate control
  • Accept – Knowingly and objectively accept the risk