Information Security Risk Register

Risk Register – outputs each of the risk statements, the risk treatment decision and the owner. Each risk that is identified should be reviewed and undergo treatment by applying one of the following:

• Reduce – Apply the recommendation and improve the appropriate control
• Accept – Knowingly and objectively accept the risk
• Avoid – Change the business or environment to stop completing the related activity
• Transfer – Outsource/transfer the risks to other parties.

Overview of Risk Register

The 'Risk Register' page within Abriska can be reached by selecting ‘Risk Analysis’ and then 'Risk Register' from the sidebar on the organisation home.

Abriska enables all sources of risk, events that might affect the achievement of objectives (whether creating, enhancing, preventing, degrading accelerating or delaying their achievement), areas of impact and their causes to be identified and listed and their ownership documented. These can be identified through referencing and reviewing Abriska’s threat libraries and/or through custom input collected by the organisation through a variety of information gathering techniques.

Abriska’s 31000 module shows a Risk Register of Current Risks, a Risk Matrix (or Heat Map) plotting identified risks according to their impact and likelihood against the organisation’s risk appetite, and a summary of Risks Over Time.

The Risk Register can be used as a formal record of risks, to document risk analysis, facilitate ownership and management of risks, input into and document the outcomes of the risk evaluation and risk treatment processes.