| 3LikelihoodLevels |
Scale with 3 Likelihood Levels from High to Low |
| HighLikelihood |
Level where Likelihood is High |
| LowLikelihood |
Level where Likelihood is Low |
| ModerateLikelihood |
Level where Likelihood is Moderate |
| 3RiskLevels |
Scale with 3 Risk Levels from High to Low |
| HighRisk |
Level where Risk is High |
| LowRisk |
Level where Risk is Low |
| ModerateRisk |
Level where Risk is Moderate |
| 3SeverityLevels |
Scale with 3 Severity Levels from High to Low |
| HighSeverity |
Level where Severity is High |
| LowSeverity |
Level where Severity is Low |
| ModerateSeverity |
Level where Severity is Moderate |
| 5LikelihoodLevels |
Scale with 5 Likelihood Levels from Very High to Very Low |
| VeryHighLikelihood |
Level where Likelihood is Very High |
| VeryLowLikelihood |
Level where Likelihood is Very Low |
| 5RiskLevels |
Scale with 5 Risk Levels from Very High to Very Low |
| VeryHighRisk |
Level where Risk is Very High |
| VeryLowRisk |
Level where Risk is Very Low |
| 5SeverityLevels |
Scale with 5 Severity Levels from Very High to Very Low |
| VeryHighSeverity |
Level where Severity is Very High |
| VeryLowSeverity |
Level where Severity is Very Low |
| 7LikelihoodLevels |
Scale with 7 Likelihood Levels from Extremely High to Extremely Low |
| ExtremelyHighLikelihood |
Level where Likelihood is Extremely High |
| ExtremelyLowLikelihood |
Level where Likelihood is Extremely Low |
| 7RiskLevels |
Scale with 7 Risk Levels from Extremely High to Extremely Low |
| ExtremelyHighRisk |
Level where Risk is Extremely High |
| ExtremelyLowRisk |
Level where Risk is Extremely Low |
| 7SeverityLevels |
Scale with 7 Severity Levels from Extremely High to Extremely Low |
| ExtremelyHighSeverity |
Level where Severity is Extremely High |
| ExtremelyLowSeverity |
Level where Severity is Extremely Low |
| AvailabilityConcept |
Indicates a concept is relevant to 'Availability' in CIA InfoSec model |
| ConfidentialityConcept |
Indicates a concept is relevant to 'Confidentiality' in CIA InfoSec |
| Incident |
An actual or occurred event |
| AccidentalIncident |
Incident caused due to accidental actions arising from human or |
| AvailabilityIncident |
Incident where the availability of information or system has been |
| ConfidentialityIncident |
Incident where the confidentiality of information or system has been |
| CrossBorderIncident |
Incident involving cross-border or multiple jurisdictions |
| DeliberateIncident |
Incident caused due to deliberate actions of a human |
| EnvironmentalIncident |
Incident caused due to environmental factors outside human controls |
| IntegrityIncident |
Incident where the integrity of information or system has been affected |
| IncidentIdentifier |
Identifier associated with an incident |
| IncidentImpactAssessment |
An impact assessment associated with an incident |
| IncidentInvestigationStatus |
Status associated with investigation of an incident |
| IncidentInvestigationCompleted |
Status indicating the investigation has been completed and findings are |
| IncidentInvestigationNotStarted |
Status indicating the investigation has not yet been started |
| IncidentInvestigationOngoing |
Status indicating the investigation is ongoing |
| IncidentInvestigationPreliminary |
Status indicating the investigation is at a preliminary stage with |
| IncidentMitigationMeasure |
A mitigation measure taken in response specifically to mitigate an |
| IncidentNotice |
Notice associated with an incident |
| IncidentRegister |
A register recording incidents, their reports, notifications, and other |
| IncidentReport |
Documented information about an incident, its handling, assessments,and |
| IncidentConcludingReport |
A report describing the conclusion of an investigation regarding an |
| IncidentDetectionReport |
A report describing the detection of an incident |
| IncidentHandlingReport |
A report describing the response to or handling of an incident regarding |
| IncidentOngoingReport |
A report describing on ongoing investigation regarding an incident where |
| IncidentPreliminaryReport |
A report describing the preliminary investigation regarding an incident |
| IncidentSuspectedReport |
A report describing the suspicion of an incident in the past or |
| RiskIncidentAssessmentReport |
A report describing the assessment of an incident in terms of its |
| IncidentStatus |
Status associated with an incident |
| IncidentConcluded |
The incident has stopped or finished or concluded without any active |
| IncidentHalted |
The incident has halted or paused with a high likelihood of resuming or |
| IncidentMitigated |
The incident has been mitigated against future recurrences i |
| IncidentNearMiss |
The state where an incident was almost successful in taking place i |
| IncidentOngoing |
The incident is ongoing i |
| IncidentStatusUnknown |
The status of a incident is unknown |
| IncidentSuspected |
The state where a incident is suspected, but has not yet been confirmed |
| IncidentTerminated |
The incident has been stopped or terminated through the use of a |
| IntegrityConcept |
Indicates a concept is relevant to 'Integrity' in CIA InfoSec model |
| LegalRiskConcept |
Risk concepts, including any potential risk sources, consequences, or |
| LegalComplianceRisk |
Risks and consequences regarding legal compliance and its violation |
| CopyrightViolation |
Concept representing Copyright Violation |
| IllegalDataProcessing |
Concept representing Illegal Processing of Data |
| PublicOrderBreach |
Concept representing Public Order Breach |
| ViolatingContractualObligation |
Concept representing Violation of Contractual Obligations |
| ViolatingLegalObligation |
Concept representing Violation of Legal Obligations |
| ViolatingStatutoryObligations |
Concept representing Violation of Statutory Obligations |
| LegallyRelevantConsequence |
A consequence that is legally relevant i |
| Damage |
Concept representing Damage |
| Detriment |
Concept representing Detriment |
| MaterialDamage |
Concept representing Material Damage |
| NonMaterialDamage |
Concept representing Non-Material Damage |
| PolicyRisk |
Risks and consequences regarding policy and its associated processes |
| ViolatingCodeOfConduct |
Concept representing Violation of Code of Conduct |
| ViolatingEthicsCode |
Concept representing Violation of Ethics Code |
| ViolatingObligation |
Something that acts as a or violates an obligation - e |
| ViolatingPolicy |
Concept representing violation of policy which can be either internal or |
| ViolatingProhibition |
Something that acts as a or violates a prohibition - e |
| OrganisationalRiskConcept |
Risk concepts, including any potential risk sources, consequences, or |
| FinancialImpact |
Things that cause or have the potential to impact financial resources |
| FinancialLoss |
Concept representing Financial Loss which may be actual loss of existing |
| JudicialCosts |
Something that involves or causes judicial costs to be paid |
| JudicialPenalty |
Something that involves or causes judicial penalties to be paid |
| Remuneration |
Something that acts as or provides remuneration which is in monetary or |
| Compensation |
Something that acts as or provides compensation - which can be monetary |
| Benefit |
Concept representing benefits - both material and immaterial |
| Payment |
Something that acts as or provides payment e |
| Reward |
Something that acts as or provides rewards i |
| OrganisationalManagementRisk |
Concept representing issues and risks associated with the management of |
| DocumentationIssues |
Concept representing issues with the development and use of |
| InstructionsInaccessible |
Concept representing cases wher instructions are inaccessible |
| InstructionsIncorrect |
Concept representing cases where instructions are incorrect for |
| InstructionsInsufficient |
Concept representing cases where instructions are not sufficient for the |
| InstructionsUnsuitable |
Concept representing cases wher instructions are unsuitable for the |
| HumanOversightIneffective |
Concept representing cases where human oversight is ineffective for the |
| HumanOversightInsufficient |
Concept representing cases where human oversight is insufficient for the |
| LackOfSystemTransparency |
Concept representing lack of transparency to humans related to the |
| StaffIncompetence |
Concept representing incompetence of staff |
| TechnologyOverreliance |
Concept representing the case where an entity, including individuals, |
| ReputationalRisk |
Risks and issues that affect the reputation of the organisation |
| CredibilityLoss |
Concept representing Credibility Loss |
| CustomerConfidenceLoss |
Concept representing Customer Confidence Loss |
| GoodwillLoss |
Concept representing Goodwill Loss |
| NegotiatingCapacityLoss |
Concept representing Negotiating Capacity Loss |
| OpportunityLoss |
Concept representing Opportunity Loss |
| ReputationalLoss |
Concept representing Reputational Loss |
| TrustLoss |
Concept representing Trust Loss |
| ServiceRelatedConsequence |
A consequence related to the provision of a service |
| CustomerSupportLimited |
Concept representing customer support to be limited |
| DelayedApplicationProcessing |
Concept representing delayed processing of applications |
| InabilityToEnterIntoContract |
Concept representing inability to enter into contract |
| InabilityToEstablishLegalClaims |
Concept representing inability to establish legal claims |
| InabilityToFulfilLegalObligations |
Concept representing inability to fulfil legal obligations |
| InabilityToProcessPayments |
Concept representing inability to process payments |
| InabilityToProtectVitalInterests |
Concept representing inability to protect vital interests |
| InabilityToProvideHealthCare |
Concept representing inability to provide health care |
| LegalSupportLimited |
Concept representing limitation of legal support |
| LoyaltyProgramExclusion |
Concept representing exclusion from loyalty program |
| PersonalisationDisabled |
Concept representing personalisation disabled |
| PersonalisationEnabled |
Concept representing personalisation enabled |
| PublicServicesExclusion |
Concept representing exclusion from public services |
| RiskIdentityVerificationFailure |
Concept representing failure to verify identity |
| ServiceAlternativeOffered |
Concept representing service alternative offered |
| ServiceCostIncreased |
Concept representing service cost increased |
| ServiceDenied |
Concept representing service denied |
| ServiceLimited |
Concept representing service limited |
| ServiceNotProvided |
Concept representing service not provided |
| ServicePartiallyProvided |
Concept representing service partially provided |
| ServiceProvided |
Concept representing service provided |
| ServiceProvisionDelayed |
Concept representing service provision delayed |
| ServiceQualityReduced |
Concept representing service quality reduced |
| ServiceSecurityReduced |
Concept representing service security reduced |
| ServiceTermination |
Concept representing service termination |
| UserRisks |
Concepts associated with risks that arise due to User or Human use |
| ErroneousUse |
Concept representing erroneous use (of something) |
| HumanErrors |
Concept representing activities that are errors caused by humans without |
| Misuse |
Concept representing a misuse (of something) |
| AccidentalMisuse |
Concept representing accidental misuse (of something) |
| IntentionalMisuse |
Concept represent an intentional misuse (of something) |
| PotentialConsequence |
Indicates a concept can potentially be a 'consequence concept within an |
| PotentialImpact |
Indicates a concept can potentially be a 'impact' concept within an |
| PotentialRisk |
Indicates a concept can potentially be a 'risk' concept within an |
| PotentialRiskSource |
Indicates a concept can potentially be a 'risk source' concept within an |
| RiskControl |
Control that modifies risk |
| ConsequenceControl |
Risk control for managing consequences |
| ChangeConsequence |
Control that proactively changes the consequence event such that one |
| HaltConsequence |
Control that halts the (ongoing) consequence event or process such that |
| RemoveConsequence |
Control that proactively removes the consequence event such that the |
| ImpactControl |
Risk Mitigation Measure that controls Impacts |
| ChangeImpact |
Control that proactively changes the impact event such that one event is |
| HaltImpact |
Control that halts the (ongoing) impact event or process such that it no |
| ProactiveControl |
Control that is established or functions before an event occurs |
| AvoidanceControl |
Control that avoids an event with the goal of removing it completely |
| AvoidConsequence |
Control that proactively avoids the consequence such that it has a |
| AvoidImpact |
Control that proactively avoids the impact such that it has a reduced |
| AvoidSource |
Control that proactively avoids the risk source such that it has a |
| EliminationControl |
Control that eliminates an event entirely such that the event does not |
| RemoveImpact |
Control that proactively removes the impact event such that the event |
| RemoveSource |
Control that proactively removes the risk source such that it is no |
| SubstitutionControl |
Control that substitutes an event with another such that the initial |
| MitigationControl |
Control that aims to reduce the likelihood or effect of an event with |
| ModificationControl |
Control that modifies the context to change the event's characteristics |
| MonitorControl |
Control that monitors for the occurrence of an event |
| DetectionControl |
Control that detects an event |
| IdentificationControl |
Control that identifies the characteristics of an event |
| LoggingControl |
Control that logs an event |
| MonitorConsequence |
Control that monitors a Risk Consequence |
| MonitorImpact |
Control that monitors a Risk Impact |
| MonitorRisk |
Control that monitors a Risk |
| MonitorRiskControl |
Control that monitors another Control |
| MonitorRiskSource |
Control that monitors a Risk Source |
| MonitorVulnerabilities |
Control that monitors a Risk Vulnerability |
| OversightControl |
Control that provides oversight for an event in terms of having |
| TransparencyControl |
Control that provides information about an event |
| ReactiveControl |
Control that is established or functions after an event occurs |
| InvestigationControl |
Control that identifies information through an investigative process |
| OverrideControl |
Control that aims to override the event with the goal of avoiding its |
| ReductionControl |
Control that reduces the effects of an event |
| ContainmentControl |
Control that aims to contain the event in terms of limiting its |
| InterruptionControl |
Control that interrupts an event without removing the possibility for it |
| HaltSource |
Control that halts the (ongoing) risk source event or process such that |
| InterventionControl |
Control that intervenes in the operations of the event to change some |
| ReduceLikelihood |
Control that reduces the likelihood of an event to occur |
| ReduceSeverity |
Control that reduces the severity of an event's effects |
| ResolutionControl |
Control that aims to resolve an event's effects with the goal of fixing |
| RecoveryControl |
Control that aims to restore the context following an event |
| RemediationControl |
Control that aims to fix or remedy the causes of an event to prevent |
| ReversalControl |
Control that aims to reverse or undo the effects of an event |
| SourceControl |
Risk control for managing risk sources |
| TransferControl |
Control that aims to transfer the event (or risk) to another context or |
| ShareControl |
Control that aims to share or distribute the event (or risk) with |
| ShareRisk |
Risk Mitigation Measure that shares Risk e |
| RiskManagement |
Systematic application of management policies, procedures, and practices |
| RiskAcceptance |
Entity decision to accept or enable a particular risk |
| RiskCriteria |
Criteria for determining or evaluating significance of risk |
| RiskOwner |
Entity accountable for managing risk |
| RiskPerception |
Perception or view on risk |
| RiskRiskAssessment |
Assessment of risk involving its identification, analysis, and |
| RiskAnalysis |
A technique or method used to analyse and identify risk levels, sources, |
| RiskMatrix |
Compares individual risks by selecting a consequence/ likelihood pair |
| RiskMatrix3x3 |
A Risk Matrix with 3 Likelihood, 3 Severity, and 3 Risk Level types |
| RM3x3S1L1 |
Node in a 3x3 Risk Matrix with Risk Severity: Low; Likelihood: Low; and |
| RM3x3S1L2 |
Node in a 3x3 Risk Matrix with Risk Severity: Low; Likelihood: Moderate; |
| RM3x3S1L3 |
Node in a 3x3 Risk Matrix with Risk Severity: Low; Likelihood: High; and |
| RM3x3S2L1 |
Node in a 3x3 Risk Matrix with Risk Severity: Moderate; Likelihood: Low; |
| RM3x3S2L2 |
Node in a 3x3 Risk Matrix with Risk Severity: Moderate; Likelihood: |
| RM3x3S2L3 |
Node in a 3x3 Risk Matrix with Risk Severity: Moderate; Likelihood: |
| RM3x3S3L1 |
Node in a 3x3 Risk Matrix with Risk Severity: High; Likelihood: Low; and |
| RM3x3S3L2 |
Node in a 3x3 Risk Matrix with Risk Severity: High; Likelihood: |
| RM3x3S3L3 |
Node in a 3x3 Risk Matrix with Risk Severity: High; Likelihood: High; |
| RiskMatrix5x5 |
A Risk Matrix with 5 Likelihood, 5 Severity, and 5 Risk Level types |
| RM5x5S1L1 |
Node in a 5x5 Risk Matrix with Risk Severity: Very Low; Likelihood: Very |
| RM5x5S1L2 |
Node in a 5x5 Risk Matrix with Risk Severity: Very Low; Likelihood: Low; |
| RM5x5S1L3 |
Node in a 5x5 Risk Matrix with Risk Severity: Very Low; Likelihood: |
| RM5x5S1L4 |
Node in a 5x5 Risk Matrix with Risk Severity: Very Low; Likelihood: |
| RM5x5S1L5 |
Node in a 5x5 Risk Matrix with Risk Severity: Very Low; Likelihood: Very |
| RM5x5S2L1 |
Node in a 5x5 Risk Matrix with Risk Severity: Low; Likelihood: Very Low; |
| RM5x5S2L2 |
Node in a 5x5 Risk Matrix with Risk Severity: Low; Likelihood: Low; and |
| RM5x5S2L3 |
Node in a 5x5 Risk Matrix with Risk Severity: Low; Likelihood: Moderate; |
| RM5x5S2L4 |
Node in a 5x5 Risk Matrix with Risk Severity: Low; Likelihood: High; and |
| RM5x5S2L5 |
Node in a 5x5 Risk Matrix with Risk Severity: Low; Likelihood: Very |
| RM5x5S3L1 |
Node in a 5x5 Risk Matrix with Risk Severity: Moderate; Likelihood: Very |
| RM5x5S3L2 |
Node in a 5x5 Risk Matrix with Risk Severity: Moderate; Likelihood: Low; |
| RM5x5S3L3 |
Node in a 5x5 Risk Matrix with Risk Severity: Moderate; Likelihood: |
| RM5x5S3L4 |
Node in a 5x5 Risk Matrix with Risk Severity: Moderate; Likelihood: |
| RM5x5S3L5 |
Node in a 5x5 Risk Matrix with Risk Severity: Moderate; Likelihood: Very |
| RM5x5S4L1 |
Node in a 5x5 Risk Matrix with Risk Severity: High; Likelihood: Very |
| RM5x5S4L2 |
Node in a 5x5 Risk Matrix with Risk Severity: High; Likelihood: Low; and |
| RM5x5S4L3 |
Node in a 5x5 Risk Matrix with Risk Severity: High; Likelihood: |
| RM5x5S4L4 |
Node in a 5x5 Risk Matrix with Risk Severity: High; Likelihood: High; |
| RM5x5S4L5 |
Node in a 5x5 Risk Matrix with Risk Severity: High; Likelihood: Very |
| RM5x5S5L1 |
Node in a 5x5 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RM5x5S5L2 |
Node in a 5x5 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RM5x5S5L3 |
Node in a 5x5 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RM5x5S5L4 |
Node in a 5x5 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RM5x5S5L5 |
Node in a 5x5 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RiskMatrix7x7 |
A Risk Matrix with 7 Likelihood, 7 Severity, and 7 Risk Level types |
| RM7x7S1L1 |
Node in a 7x7 Risk Matrix with Risk Severity: Extremely Low; Likelihood: |
| RM7x7S1L2 |
Node in a 7x7 Risk Matrix with Risk Severity: Extremely Low; Likelihood: |
| RM7x7S1L3 |
Node in a 7x7 Risk Matrix with Risk Severity: Extremely Low; Likelihood: |
| RM7x7S1L4 |
Node in a 7x7 Risk Matrix with Risk Severity: Extremely Low; Likelihood: |
| RM7x7S1L5 |
Node in a 7x7 Risk Matrix with Risk Severity: Extremely Low; Likelihood: |
| RM7x7S1L6 |
Node in a 7x7 Risk Matrix with Risk Severity: Extremely Low; Likelihood: |
| RM7x7S1L7 |
Node in a 7x7 Risk Matrix with Risk Severity: Extremely Low; Likelihood: |
| RM7x7S2L1 |
Node in a 7x7 Risk Matrix with Risk Severity: Very Low; Likelihood: |
| RM7x7S2L2 |
Node in a 7x7 Risk Matrix with Risk Severity: Very Low; Likelihood: Very |
| RM7x7S2L3 |
Node in a 7x7 Risk Matrix with Risk Severity: Very Low; Likelihood: Low; |
| RM7x7S2L4 |
Node in a 7x7 Risk Matrix with Risk Severity: Very Low; Likelihood: |
| RM7x7S2L5 |
Node in a 7x7 Risk Matrix with Risk Severity: Very Low; Likelihood: |
| RM7x7S2L6 |
Node in a 7x7 Risk Matrix with Risk Severity: Very Low; Likelihood: Very |
| RM7x7S2L7 |
Node in a 7x7 Risk Matrix with Risk Severity: Very Low; Likelihood: |
| RM7x7S3L1 |
Node in a 7x7 Risk Matrix with Risk Severity: Low; Likelihood: Extremely |
| RM7x7S3L2 |
Node in a 7x7 Risk Matrix with Risk Severity: Low; Likelihood: Very Low; |
| RM7x7S3L3 |
Node in a 7x7 Risk Matrix with Risk Severity: Low; Likelihood: Low; and |
| RM7x7S3L4 |
Node in a 7x7 Risk Matrix with Risk Severity: Low; Likelihood: Moderate; |
| RM7x7S3L5 |
Node in a 7x7 Risk Matrix with Risk Severity: Low; Likelihood: High; and |
| RM7x7S3L6 |
Node in a 7x7 Risk Matrix with Risk Severity: Low; Likelihood: Very |
| RM7x7S3L7 |
Node in a 7x7 Risk Matrix with Risk Severity: Low; Likelihood: Extremely |
| RM7x7S4L1 |
Node in a 7x7 Risk Matrix with Risk Severity: Moderate; Likelihood: |
| RM7x7S4L2 |
Node in a 7x7 Risk Matrix with Risk Severity: Moderate; Likelihood: Very |
| RM7x7S4L3 |
Node in a 7x7 Risk Matrix with Risk Severity: Moderate; Likelihood: Low; |
| RM7x7S4L4 |
Node in a 7x7 Risk Matrix with Risk Severity: Moderate; Likelihood: |
| RM7x7S4L5 |
Node in a 7x7 Risk Matrix with Risk Severity: Moderate; Likelihood: |
| RM7x7S4L6 |
Node in a 7x7 Risk Matrix with Risk Severity: Moderate; Likelihood: Very |
| RM7x7S4L7 |
Node in a 7x7 Risk Matrix with Risk Severity: Moderate; Likelihood: |
| RM7x7S5L1 |
Node in a 7x7 Risk Matrix with Risk Severity: High; Likelihood: |
| RM7x7S5L2 |
Node in a 7x7 Risk Matrix with Risk Severity: High; Likelihood: Very |
| RM7x7S5L3 |
Node in a 7x7 Risk Matrix with Risk Severity: High; Likelihood: Low; and |
| RM7x7S5L4 |
Node in a 7x7 Risk Matrix with Risk Severity: High; Likelihood: |
| RM7x7S5L5 |
Node in a 7x7 Risk Matrix with Risk Severity: High; Likelihood: High; |
| RM7x7S5L6 |
Node in a 7x7 Risk Matrix with Risk Severity: High; Likelihood: Very |
| RM7x7S5L7 |
Node in a 7x7 Risk Matrix with Risk Severity: High; Likelihood: |
| RM7x7S6L1 |
Node in a 7x7 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RM7x7S6L2 |
Node in a 7x7 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RM7x7S6L3 |
Node in a 7x7 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RM7x7S6L4 |
Node in a 7x7 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RM7x7S6L5 |
Node in a 7x7 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RM7x7S6L6 |
Node in a 7x7 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RM7x7S6L7 |
Node in a 7x7 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RM7x7S7L1 |
Node in a 7x7 Risk Matrix with Risk Severity: Extremely High; |
| RM7x7S7L2 |
Node in a 7x7 Risk Matrix with Risk Severity: Extremely High; |
| RM7x7S7L3 |
Node in a 7x7 Risk Matrix with Risk Severity: Extremely High; |
| RM7x7S7L4 |
Node in a 7x7 Risk Matrix with Risk Severity: Extremely High; |
| RM7x7S7L5 |
Node in a 7x7 Risk Matrix with Risk Severity: Extremely High; |
| RM7x7S7L6 |
Node in a 7x7 Risk Matrix with Risk Severity: Extremely High; |
| RM7x7S7L7 |
Node in a 7x7 Risk Matrix with Risk Severity: Extremely High; |
| RiskEvaluation |
Process determining acceptability or tolerance of risk by comparing risk |
| RiskIdentification |
Identification of risks involving identification of risk sources, |
| RiskSource |
The 'cause' or 'source', which by itself or with another source has the |
| RiskVulnerability |
Intrinsic property of a system or asset that is utilised by the Threat |
| Threat |
Risk source event which causes Risk |
| ThreatSource |
Source of threat event, including both agent and non-agent sources |
| RiskTreatment |
Process by which risk is modified and mitigated |
| SocietalRiskConcept |
Risk concepts, including any potential risk sources, consequences, or |
| Discrimination |
Discrimination is the treatment of a person or particular group of |
| AgeDiscrimination |
Discrimination based on a person's age, often impacting older or younger |
| BelievesDiscrimination |
Discrimination based on a person's beliefs or practices |
| CasteDiscrimination |
Discrimination based on a person's caste, a form of social |
| DirectDiscrimination |
Occurs when a person is treated less favourably than another in a |
| DisabilityDiscrimination |
Discrimination against individuals based on physical or mental |
| ExcellenceDiscrimination |
Favouritism towards individuals deemed more competent or superior, often |
| GeographicDiscrimination |
Discrimination based on a person's geographical origin or residence |
| IndirectDiscrimination |
Occurs when an apparently neutral provision, criterion, or practice puts |
| LanguageDiscrimination |
Discrimination based on a person's language, often linked to national |
| NationalityDiscrimination |
Discrimination based on a person's nationality or citizenship |
| Racism |
Prejudice or discrimination against people based on their race |
| EthnicDiscrimination |
Discrimination against individuals based on their ethnicity or cultural |
| RacialDiscrimination |
Discrimination against individuals because of their racial background or |
| ReligiousDiscrimination |
Discrimination based on a person's religion or religious beliefs or |
| ReverseDiscrimination |
Discrimination against members of a majority or historically dominant |
| Sexism |
Discrimination based on a person's sex or gender, typically involving |
| GenderDiscrimination |
Discrimination based on a person's gender identity or gender expression |
| Misandry |
Dislike, contempt, or prejudice against men |
| Misogyny |
Dislike, contempt, or prejudice against women |
| SexDiscrimination |
Discrimination based on a person's biological sex |
| Transphobia |
Hostility or prejudice against transgender people or those perceived as |
| SexualOrientationDiscrimination |
Discrimination based on a person's sexual orientation, typically against |
| Homophobia |
Hostility or prejudice against individuals who are or are perceived to |
| UnfavourableTreatment |
A treatment is unfavourable when the person(s) is treated poorly or less |
| WorkplaceDiscrimination |
Discrimination occurring at workplace or in the context of work |
| EnvironmentalRisk |
Risks and issues that have their origin in environment or can affect the |
| DisproportionateEnergyConsumption |
The occurrence or potential occurrence of disproportionate energy |
| Earthquake |
The occurrence or potential occurrence of earthquakes |
| Floods |
The occurrence or potential occurrence of floods |
| GroupRisk |
Risks and issues that affect or have the potential to affect groups in |
| GroupHealthSafety |
Concept representing health & safety of a group or group(s) |
| SocialDisadvantage |
Concept representing Social Disadvantage |
| SocietalHealthSafety |
Concept representing health and safety of society at large |
| Terrorism |
Concept representing Terrorism |
| IndividualRisk |
Risks and issues that affect or have the potential to affect specific |
| BehaviourDistortion |
Concept representing distortion of behaviour of individual(s) |
| ExposureToHarmfulSpeech |
Concept representing Harmful Speech |
| HealthSafety |
Concept representing health & safety of individual(s), or group(s), or |
| Harm |
Concept representing Harm to humans |
| Harassment |
Concept representing harassment of individual(s) |
| SexualHarassment |
Concept representing sexual harassment of individual(s) |
| Injury |
Concept representing Injury |
| PhysicalAssault |
Concept representing Physical Assault |
| PhysicalHarm |
Concept representing physical harm to an individual or individual(s) |
| PsychologicalHarm |
Concept representing Psychological Harm |
| SexualViolence |
Concept representing Sexual Violence |
| ViolenceAgainstChildren |
Concept representing Child Violence |
| IndividualHealthSafety |
Concept representing health & safety of individual(s) |
| PublicHealthSafety |
Concept representing health and safety of the public at large |
| RiskHealth |
Concept representing health of individual(s), or group(s), or society at |
| RiskMentalHealth |
Concept representing mental health of individual(s), or group(s), or |
| RiskPhysicalHealth |
Concept representing physical health of individual(s), or group(s), or |
| Safety |
Concept representing safety of individual(s), or group(s), or society at |
| MentalSafety |
Concept representing mental safety of individual(s), or group(s), or |
| PhysicalSafety |
Concept representing physical safety of individual(s), or group(s), or |
| Wellbeing |
Concept representing wellbeing of individual(s) |
| ImpairedDecisionMaking |
Concept representing Impaired Decision Making |
| PersonalSafetyEndangerment |
Concept representing Personal Safety Endangerment |
| Privacy |
Concept representing privacy of humans at an individual, group, or |
| RightsImpact |
Concept representing Impact to Rights |
| RightsDenied |
The refusal or withholding or denial of the existence or applicability |
| RightsEroded |
The gradual weakening or reduction of the scope and protection of rights |
| RightsExercisePrevented |
Actions or measures that prevent an individual or group from exercising |
| RightsLimited |
A limitation or restrictions on the scope or exercise of rights |
| RightsObstructed |
Interference with or blocking of the exercise of rights |
| RightsUnfulfilled |
Failure to meet or complete the fulfilment of rights |
| RightsViolated |
The infringement or breach of rights in a manner that constitutes a |
| TechnicalRiskConcept |
Risk concepts, including any potential risk sources, consequences, or |
| Bias |
Bias is defined as the systematic difference in treatment of certain |
| CognitiveBias |
Bias that occurs when humans are processing and interpreting information |
| ConfirmationBias |
Bias that occurs when hypotheses, regardless of their veracity, are more |
| GroupAttributionBias |
Bias that occurs when a human assumes that what is true for an |
| ImplicitBias |
Bias that occurs when a human makes an association or assumption based |
| InGroupBias |
Bias that occurs when showing partiality to one's own group or own |
| OutGroupHomogeneityBias |
Bias that occurs when seeing out-group members as more alike than |
| RequirementsBias |
Bias that occurs in or during requirements creation |
| RuleBasedSystemDesign |
Bias that occurs due to developer experience and expert advice having a |
| SocietalBias |
Bias that occurs when similar cognitive bias (conscious or unconscious) |
| RiskDataBias |
Bias that occurs when data properties that if unaddressed lead to |
| DataProcessingBias |
Bias that occurs due to pre-processing (or post-processing) of data, |
| RiskDataAggregationBias |
Bias that occurs when aggregating data covering different groups of |
| RiskInformativenessBias |
Bias that occurs when the mapping between inputs present in the data and |
| SimpsonsParadoxBias |
Bias that occurs when a trend that is indicated in individual groups of |
| StatisticalBias |
Bias that occurs as the type of consistent numerical offset in an |
| ConfoundingVariablesBias |
Bias that occurs as a confounding variable that influences both the |
| NonNormalityBias |
Bias that occurs when the dataset is subject to a different (i |
| SelectionBias |
Bias that occurs when a dataset's samples are chosen in a way that is |
| CoverageBias |
Bias that occurs when a population represented in a dataset does not |
| NonResponseBias |
Bias that occurs when people from certain groups opt-out of surveys at |
| SamplingBias |
Bias that occurs when data records are not collected randomly from the |
| ExternalSecurityThreat |
Concepts associated with security threats that are likely to originate |
| CompromiseAccount |
Concept representing a compromised account that is then used by the |
| CompromiseAccountCredentials |
Concept representing Account Credentials to be compromised |
| MaliciousActivity |
Intentional actions designed to harm, exploit, manipulate, or disrupt |
| Deception |
Concept representing Deception |
| Fraud |
Concept representing Fraud |
| IdentityFraud |
Concept representing Identity Fraud |
| Sabotage |
Concept representing Sabotage |
| Scam |
Concept representing Scam |
| PhishingScam |
Concept representing Phishing Scam |
| Spoofing |
Concept representing Spoofing |
| Exploitation |
Concept representing Exploitation |
| Blackmail |
Concept representing Blackmail |
| Coercion |
Concept representing Coercion |
| Extortion |
Concept representing Extortion |
| IdentityTheft |
Concept representing Identity Theft |
| IntentionalManipulation |
Concept representing Intentional Manipulation |
| InterceptCommunications |
Concept representing Interception of Communications |
| VulnerabilityExploitation |
Concept representing Vulnerability Exploitation |
| RiskSecurityAttack |
Concept representing an attack on security with the aim of undermining |
| BruteForceAuthorisations |
Concept representing Brute Force Authorisations i |
| Cryptojacking |
Concept representing Cryptojacking |
| DenialServiceAttack |
Concept representing Denial of Service Attack (DoS) |
| DistributedDenialServiceAttack |
Concept representing Distributed Denial of Service Attack (DDoS) |
| MaliciousCodeAttack |
Concept representing Malicious Code Attack |
| MalwareAttack |
Concept representing Malware Attack |
| SystemIntrusion |
Concept representing System Intrusion |
| UnauthorisedActivity |
Concept representing Unauthorised Activity |
| UnauthorisedAccessToPremises |
Concept representing Unauthorised Access to Premises |
| UnauthorisedCodeAccess |
Concept representing Unauthorised Code Access |
| UnauthorisedCodeDisclosure |
Concept representing Unauthorised Code Disclosure |
| UnauthorisedCodeModification |
Concept representing Unauthorised Code Modification |
| UnauthorisedDataAccess |
Concept representing Unauthorised Data Access |
| UnauthorisedDataDisclosure |
Concept representing Unauthorised Data Disclosure |
| UnauthorisedDataModification |
Concept representing Unauthorised Data Modification |
| UnauthorisedInformationDisclosure |
Concept representing Unauthorised Information Disclosure |
| UnauthorisedReidentification |
Concept representing Unauthorised Re-Identification |
| UnauthorisedResourceUse |
Concept representing Unauthorised Resource Use |
| UnauthorisedSystemAccess |
Concept representing Unauthorised System Access |
| UnauthorisedSystemModification |
Concept representing Unauthorised System Modification |
| UnwantedCodeDeletion |
Concept representing Unwanted Code Deletion |
| UnwantedDataDeletion |
Concept representing Unwanted Data Deletion |
| UnwantedDisclosureData |
Concept representing Unwanted Disclosure of Data |
| OperationalSecurityRisk |
Risks and issues that arise during operational processes |
| AuthorisationFailure |
Concept representing Authorisation Failure |
| ComponentFailure |
Concept representing Component Failure |
| ComponentMalfunction |
Concept representing Component Malfunction |
| DataCorruption |
Concept representing Corruption of Data |
| EquipmentFailure |
Concept representing Equipment Failure |
| EquipmentMalfunction |
Concept representing Equipment Malfunction |
| QualityRisk |
Concept representing risks and issues associated with quality of tasks, |
| AccuracyRisk |
Concepts representing risks and issues where Accuracy is Risk |
| AccuracyDegraded |
Concepts representing risks and issues where Accuracy is Degraded |
| AccuracyInconsistent |
Concepts representing risks and issues where Accuracy is Inconsistent |
| AccuracyInsufficient |
Concepts representing risks and issues where Accuracy is Insufficient |
| AccuracyUnknown |
Concepts representing risks and issues where Accuracy is Unknown |
| AccuracyUnverified |
Concepts representing risks and issues where Accuracy is Unverified |
| QualityDegraded |
Concepts representing risks and issues where Quality is Degraded |
| ResilienceDegraded |
Concepts representing risks and issues where Resilience is Degraded |
| RobustnessDegraded |
Concepts representing risks and issues where Robustness is Degraded |
| SecurityQualityDegraded |
Concepts representing risks and issues where Quality of Security is |
| QualityInconsistent |
Concepts representing risks and issues where Quality is Inconsistent |
| ResilienceInconsistent |
Concepts representing risks and issues where Resilience is Inconsistent |
| RobustnessInconsistent |
Concepts representing risks and issues where Robustness is Inconsistent |
| SecurityQualityInconsistent |
Concepts representing risks and issues where Quality of Security is |
| QualityInsufficient |
Concepts representing risks and issues where Quality is Insufficient |
| ResilienceInsufficient |
Concepts representing risks and issues where Resilience is Insufficient |
| RobustnessInsufficient |
Concepts representing risks and issues where Robustness is Insufficient |
| SecurityQualityInsufficient |
Concepts representing risks and issues where Quality of Security is |
| QualityUnknown |
Concepts representing risks and issues where Quality is Unknown |
| ResilienceUnknown |
Concepts representing risks and issues where Resilience is Unknown |
| RobustnessUnknown |
Concepts representing risks and issues where Robustness is Unknown |
| SecurityQualityUnknown |
Concepts representing risks and issues where Quality of Security is |
| QualityUnverified |
Concepts representing risks and issues where Quality is Unverified |
| ResilienceUnverified |
Concepts representing risks and issues where Resilience is Unverified |
| RobustnessUnverified |
Concepts representing risks and issues where Robustness is Unverified |
| SecurityQualityUnverified |
Concepts representing risks and issues where Quality of Security is |
| ResilienceRisk |
Concepts representing risks and issues regarding Resilience |
| RobustnessRisk |
Concepts representing risks and issues where Robustness is Risk |
| SecurityQualityRisk |
Concepts representing risks and issues where Quality of Security is Risk |
| Reidentification |
Concept representing Re-identification |
| SecurityBreach |
Concept representing Security Breach |
| RiskDataBreach |
Concept representing Data Breach |
| RiskAvailabilityBreach |
Concept representing a breach of availability |
| RiskConfidentialityBreach |
Concept representing a breach of confidentiality |
| RiskIntegrityBreach |
Concept representing a breach of integrity |
| SystemFailure |
Concept representing System Failure |
| SystemMalfunction |
Concept representing System Malfunction |
| TaskExecutionRisk |
Concept representing risks and issues associated with execution of |
| TaskExecutionIncorrect |
Concept representing incorrect execution of task(s) |
| TaskOmitted |
Concept representing omission of task(s) |
| TaskTimingIncorrect |
Concept representing incorrect timing for task(s) i |
| RiskDataRisk |
Risks and risk concepts related to data |
| DataInaccurate |
Concept representing data being inaccurate |
| DataIncomplete |
Concept representing data being incomplete |
| DataInconsistent |
Concept representing data being inconsistent |
| DataLoss |
Concept representing data loss (e |
| DataMisclassified |
Concept representing data being misclassified |
| DataMisinterpretation |
Concept representing data being misinterpretation |
| DataNoise |
Concept representing data being noise |
| DataOutdated |
Concept representing data being outdated |
| DataProcessingError |
Concept representing operational error in the processing of data |
| DataCollectionError |
Concept representing error related to data collection |
| DataErasureError |
Concept representing error related to data erasure |
| DataPreparationError |
Concept representing error related to data preparation |
| DataSelectionError |
Concept representing an error in data selection |
| DataStorageError |
Concept representing error related to data storage |
| DataTransferError |
Concept representing error related to data transfer |
| DataSparse |
Concept representing data being sparse |
| DataUnavailable |
Concept representing data being unavailable |
| DataUnrepresentative |
Concept representing data being unrepresentative |
| DataUnstructured |
Concept representing data being unstructured |
| DataUnverified |
Concept representing data being unverified |