A risk scenario is a potential event that poses a risk to the organization.
Below is an example of a risk scenario:
Personnel gains unauthorized access to data
Risk scenarios can be delegated to responsible and accountable users.
New risk scenario
Click on ‘New risk scenario’ to create a new risk scenario here. You can fill in master data on the new risk scenario and click Save. This feature is limited to Client/Partition admins.
Fill out or approve the master data for the risk scenario
Write the name of the risk scenario, e.g. “Personnel gains unauthorized access to data”.
Describe the risk scenario in detail. The purpose is to let relevant people in the organization know how this risk scenario affects the organization.
As an example, the risk scenario “Personnel gains unauthorized access to data” could be described as follows:
Unauthorized access to data can lead to a breach of privacy or the leak of business sensitive or proprietary information.
Here it is possible to create tags that allow the risk scenarios to be searched using an alternative keyword.
Add the relevant risk category to your risk scenario.
Risk categories contain the risk criteria definitions and the risk tolerance level. Your organization may work with multiple risk categories, so select the one that fits your risk scenario.
As an Admin, you can edit or add risk categories here.
Select the desired scope from the drop-down. You may add multiple scopes to a risk scenario. The scope determines what types of assets the risk scenario will be made available to.
Select whether it should be possible to assess the risk scenario against business and/or privacy risk.
Assign the users responsible for documenting the risk scenario. Several users can be added as responsible if necessary. One user can be marked as the overall accountable by marking this person with the star icon.