Subset: RiskSubset
All entities from the DPV risk extension.
URI: RiskSubset
Identifier and Mapping Information
Schema Source
- from schema: https://w3id.org/lmodel/dpv/risk
Classes in subset
| Class | Description |
|---|---|
| 3LikelihoodLevels | Scale with 3 Likelihood Levels from High to Low |
| 3RiskLevels | Scale with 3 Risk Levels from High to Low |
| 3SeverityLevels | Scale with 3 Severity Levels from High to Low |
| 5LikelihoodLevels | Scale with 5 Likelihood Levels from Very High to Very Low |
| 5RiskLevels | Scale with 5 Risk Levels from Very High to Very Low |
| 5SeverityLevels | Scale with 5 Severity Levels from Very High to Very Low |
| 7LikelihoodLevels | Scale with 7 Likelihood Levels from Extremely High to Extremely Low |
| 7RiskLevels | Scale with 7 Risk Levels from Extremely High to Extremely Low |
| 7SeverityLevels | Scale with 7 Severity Levels from Extremely High to Extremely Low |
| AccidentalIncident | Incident caused due to accidental actions arising from human or |
| AccidentalMisuse | Concept representing accidental misuse (of something) |
| AccuracyDegraded | Concepts representing risks and issues where Accuracy is Degraded |
| AccuracyInconsistent | Concepts representing risks and issues where Accuracy is Inconsistent |
| AccuracyInsufficient | Concepts representing risks and issues where Accuracy is Insufficient |
| AccuracyRisk | Concepts representing risks and issues where Accuracy is Risk |
| AccuracyUnknown | Concepts representing risks and issues where Accuracy is Unknown |
| AccuracyUnverified | Concepts representing risks and issues where Accuracy is Unverified |
| AgeDiscrimination | Discrimination based on a person's age, often impacting older or younger |
| AuthorisationFailure | Concept representing Authorisation Failure |
| AvailabilityConcept | Indicates a concept is relevant to 'Availability' in CIA InfoSec model |
| AvailabilityIncident | Incident where the availability of information or system has been |
| AvoidanceControl | Control that avoids an event with the goal of removing it completely |
| AvoidConsequence | Control that proactively avoids the consequence such that it has a |
| AvoidImpact | Control that proactively avoids the impact such that it has a reduced |
| AvoidSource | Control that proactively avoids the risk source such that it has a |
| BehaviourDistortion | Concept representing distortion of behaviour of individual(s) |
| BelievesDiscrimination | Discrimination based on a person's beliefs or practices |
| Benefit | Concept representing benefits - both material and immaterial |
| Bias | Bias is defined as the systematic difference in treatment of certain |
| Blackmail | Concept representing Blackmail |
| BruteForceAuthorisations | Concept representing Brute Force Authorisations i |
| CasteDiscrimination | Discrimination based on a person's caste, a form of social |
| ChangeConsequence | Control that proactively changes the consequence event such that one |
| ChangeImpact | Control that proactively changes the impact event such that one event is |
| Coercion | Concept representing Coercion |
| CognitiveBias | Bias that occurs when humans are processing and interpreting information |
| Compensation | Something that acts as or provides compensation - which can be monetary |
| ComponentFailure | Concept representing Component Failure |
| ComponentMalfunction | Concept representing Component Malfunction |
| CompromiseAccount | Concept representing a compromised account that is then used by the |
| CompromiseAccountCredentials | Concept representing Account Credentials to be compromised |
| ConfidentialityConcept | Indicates a concept is relevant to 'Confidentiality' in CIA InfoSec |
| ConfidentialityIncident | Incident where the confidentiality of information or system has been |
| ConfirmationBias | Bias that occurs when hypotheses, regardless of their veracity, are more |
| ConfoundingVariablesBias | Bias that occurs as a confounding variable that influences both the |
| ConsequenceControl | Risk control for managing consequences |
| ContainmentControl | Control that aims to contain the event in terms of limiting its |
| CopyrightViolation | Concept representing Copyright Violation |
| CoverageBias | Bias that occurs when a population represented in a dataset does not |
| CredibilityLoss | Concept representing Credibility Loss |
| CrossBorderIncident | Incident involving cross-border or multiple jurisdictions |
| Cryptojacking | Concept representing Cryptojacking |
| CustomerConfidenceLoss | Concept representing Customer Confidence Loss |
| CustomerSupportLimited | Concept representing customer support to be limited |
| Damage | Concept representing Damage |
| DataCollectionError | Concept representing error related to data collection |
| DataCorruption | Concept representing Corruption of Data |
| DataErasureError | Concept representing error related to data erasure |
| DataInaccurate | Concept representing data being inaccurate |
| DataIncomplete | Concept representing data being incomplete |
| DataInconsistent | Concept representing data being inconsistent |
| DataLoss | Concept representing data loss (e |
| DataMisclassified | Concept representing data being misclassified |
| DataMisinterpretation | Concept representing data being misinterpretation |
| DataNoise | Concept representing data being noise |
| DataOutdated | Concept representing data being outdated |
| DataPreparationError | Concept representing error related to data preparation |
| DataProcessingBias | Bias that occurs due to pre-processing (or post-processing) of data, |
| DataProcessingError | Concept representing operational error in the processing of data |
| DataSelectionError | Concept representing an error in data selection |
| DataSparse | Concept representing data being sparse |
| DataStorageError | Concept representing error related to data storage |
| DataTransferError | Concept representing error related to data transfer |
| DataUnavailable | Concept representing data being unavailable |
| DataUnrepresentative | Concept representing data being unrepresentative |
| DataUnstructured | Concept representing data being unstructured |
| DataUnverified | Concept representing data being unverified |
| Deception | Concept representing Deception |
| DelayedApplicationProcessing | Concept representing delayed processing of applications |
| DeliberateIncident | Incident caused due to deliberate actions of a human |
| DenialServiceAttack | Concept representing Denial of Service Attack (DoS) |
| DetectionControl | Control that detects an event |
| Detriment | Concept representing Detriment |
| DirectDiscrimination | Occurs when a person is treated less favourably than another in a |
| DisabilityDiscrimination | Discrimination against individuals based on physical or mental |
| Discrimination | Discrimination is the treatment of a person or particular group of |
| DisproportionateEnergyConsumption | The occurrence or potential occurrence of disproportionate energy |
| DistributedDenialServiceAttack | Concept representing Distributed Denial of Service Attack (DDoS) |
| DocumentationIssues | Concept representing issues with the development and use of |
| Earthquake | The occurrence or potential occurrence of earthquakes |
| EliminationControl | Control that eliminates an event entirely such that the event does not |
| EnvironmentalIncident | Incident caused due to environmental factors outside human controls |
| EnvironmentalRisk | Risks and issues that have their origin in environment or can affect the |
| EquipmentFailure | Concept representing Equipment Failure |
| EquipmentMalfunction | Concept representing Equipment Malfunction |
| ErroneousUse | Concept representing erroneous use (of something) |
| EthnicDiscrimination | Discrimination against individuals based on their ethnicity or cultural |
| ExcellenceDiscrimination | Favouritism towards individuals deemed more competent or superior, often |
| Exploitation | Concept representing Exploitation |
| ExposureToHarmfulSpeech | Concept representing Harmful Speech |
| ExternalSecurityThreat | Concepts associated with security threats that are likely to originate |
| Extortion | Concept representing Extortion |
| ExtremelyHighLikelihood | Level where Likelihood is Extremely High |
| ExtremelyHighRisk | Level where Risk is Extremely High |
| ExtremelyHighSeverity | Level where Severity is Extremely High |
| ExtremelyLowLikelihood | Level where Likelihood is Extremely Low |
| ExtremelyLowRisk | Level where Risk is Extremely Low |
| ExtremelyLowSeverity | Level where Severity is Extremely Low |
| FinancialImpact | Things that cause or have the potential to impact financial resources |
| FinancialLoss | Concept representing Financial Loss which may be actual loss of existing |
| Floods | The occurrence or potential occurrence of floods |
| Fraud | Concept representing Fraud |
| GenderDiscrimination | Discrimination based on a person's gender identity or gender expression |
| GeographicDiscrimination | Discrimination based on a person's geographical origin or residence |
| GoodwillLoss | Concept representing Goodwill Loss |
| GroupAttributionBias | Bias that occurs when a human assumes that what is true for an |
| GroupHealthSafety | Concept representing health & safety of a group or group(s) |
| GroupRisk | Risks and issues that affect or have the potential to affect groups in |
| HaltConsequence | Control that halts the (ongoing) consequence event or process such that |
| HaltImpact | Control that halts the (ongoing) impact event or process such that it no |
| HaltSource | Control that halts the (ongoing) risk source event or process such that |
| Harassment | Concept representing harassment of individual(s) |
| Harm | Concept representing Harm to humans |
| HealthSafety | Concept representing health & safety of individual(s), or group(s), or |
| HighLikelihood | Level where Likelihood is High |
| HighRisk | Level where Risk is High |
| HighSeverity | Level where Severity is High |
| Homophobia | Hostility or prejudice against individuals who are or are perceived to |
| HumanErrors | Concept representing activities that are errors caused by humans without |
| HumanOversightIneffective | Concept representing cases where human oversight is ineffective for the |
| HumanOversightInsufficient | Concept representing cases where human oversight is insufficient for the |
| IdentificationControl | Control that identifies the characteristics of an event |
| IdentityFraud | Concept representing Identity Fraud |
| IdentityTheft | Concept representing Identity Theft |
| IllegalDataProcessing | Concept representing Illegal Processing of Data |
| ImpactControl | Risk Mitigation Measure that controls Impacts |
| ImpairedDecisionMaking | Concept representing Impaired Decision Making |
| ImplicitBias | Bias that occurs when a human makes an association or assumption based |
| InabilityToEnterIntoContract | Concept representing inability to enter into contract |
| InabilityToEstablishLegalClaims | Concept representing inability to establish legal claims |
| InabilityToFulfilLegalObligations | Concept representing inability to fulfil legal obligations |
| InabilityToProcessPayments | Concept representing inability to process payments |
| InabilityToProtectVitalInterests | Concept representing inability to protect vital interests |
| InabilityToProvideHealthCare | Concept representing inability to provide health care |
| Incident | An actual or occurred event |
| IncidentConcluded | The incident has stopped or finished or concluded without any active |
| IncidentConcludingReport | A report describing the conclusion of an investigation regarding an |
| IncidentDetectionReport | A report describing the detection of an incident |
| IncidentHalted | The incident has halted or paused with a high likelihood of resuming or |
| IncidentHandlingReport | A report describing the response to or handling of an incident regarding |
| IncidentIdentifier | Identifier associated with an incident |
| IncidentImpactAssessment | An impact assessment associated with an incident |
| IncidentInvestigationCompleted | Status indicating the investigation has been completed and findings are |
| IncidentInvestigationNotStarted | Status indicating the investigation has not yet been started |
| IncidentInvestigationOngoing | Status indicating the investigation is ongoing |
| IncidentInvestigationPreliminary | Status indicating the investigation is at a preliminary stage with |
| IncidentInvestigationStatus | Status associated with investigation of an incident |
| IncidentMitigated | The incident has been mitigated against future recurrences i |
| IncidentMitigationMeasure | A mitigation measure taken in response specifically to mitigate an |
| IncidentNearMiss | The state where an incident was almost successful in taking place i |
| IncidentNotice | Notice associated with an incident |
| IncidentOngoing | The incident is ongoing i |
| IncidentOngoingReport | A report describing on ongoing investigation regarding an incident where |
| IncidentPreliminaryReport | A report describing the preliminary investigation regarding an incident |
| IncidentRegister | A register recording incidents, their reports, notifications, and other |
| IncidentReport | Documented information about an incident, its handling, assessments,and |
| IncidentStatus | Status associated with an incident |
| IncidentStatusUnknown | The status of a incident is unknown |
| IncidentSuspected | The state where a incident is suspected, but has not yet been confirmed |
| IncidentSuspectedReport | A report describing the suspicion of an incident in the past or |
| IncidentTerminated | The incident has been stopped or terminated through the use of a |
| IndirectDiscrimination | Occurs when an apparently neutral provision, criterion, or practice puts |
| IndividualHealthSafety | Concept representing health & safety of individual(s) |
| IndividualRisk | Risks and issues that affect or have the potential to affect specific |
| InGroupBias | Bias that occurs when showing partiality to one's own group or own |
| Injury | Concept representing Injury |
| InstructionsInaccessible | Concept representing cases wher instructions are inaccessible |
| InstructionsIncorrect | Concept representing cases where instructions are incorrect for |
| InstructionsInsufficient | Concept representing cases where instructions are not sufficient for the |
| InstructionsUnsuitable | Concept representing cases wher instructions are unsuitable for the |
| IntegrityConcept | Indicates a concept is relevant to 'Integrity' in CIA InfoSec model |
| IntegrityIncident | Incident where the integrity of information or system has been affected |
| IntentionalManipulation | Concept representing Intentional Manipulation |
| IntentionalMisuse | Concept represent an intentional misuse (of something) |
| InterceptCommunications | Concept representing Interception of Communications |
| InterruptionControl | Control that interrupts an event without removing the possibility for it |
| InterventionControl | Control that intervenes in the operations of the event to change some |
| InvestigationControl | Control that identifies information through an investigative process |
| JudicialCosts | Something that involves or causes judicial costs to be paid |
| JudicialPenalty | Something that involves or causes judicial penalties to be paid |
| LackOfSystemTransparency | Concept representing lack of transparency to humans related to the |
| LanguageDiscrimination | Discrimination based on a person's language, often linked to national |
| LegalComplianceRisk | Risks and consequences regarding legal compliance and its violation |
| LegallyRelevantConsequence | A consequence that is legally relevant i |
| LegalRiskConcept | Risk concepts, including any potential risk sources, consequences, or |
| LegalSupportLimited | Concept representing limitation of legal support |
| LoggingControl | Control that logs an event |
| LowLikelihood | Level where Likelihood is Low |
| LowRisk | Level where Risk is Low |
| LowSeverity | Level where Severity is Low |
| LoyaltyProgramExclusion | Concept representing exclusion from loyalty program |
| MaliciousActivity | Intentional actions designed to harm, exploit, manipulate, or disrupt |
| MaliciousCodeAttack | Concept representing Malicious Code Attack |
| MalwareAttack | Concept representing Malware Attack |
| MaterialDamage | Concept representing Material Damage |
| MentalSafety | Concept representing mental safety of individual(s), or group(s), or |
| Misandry | Dislike, contempt, or prejudice against men |
| Misogyny | Dislike, contempt, or prejudice against women |
| Misuse | Concept representing a misuse (of something) |
| MitigationControl | Control that aims to reduce the likelihood or effect of an event with |
| ModerateLikelihood | Level where Likelihood is Moderate |
| ModerateRisk | Level where Risk is Moderate |
| ModerateSeverity | Level where Severity is Moderate |
| ModificationControl | Control that modifies the context to change the event's characteristics |
| MonitorConsequence | Control that monitors a Risk Consequence |
| MonitorControl | Control that monitors for the occurrence of an event |
| MonitorImpact | Control that monitors a Risk Impact |
| MonitorRisk | Control that monitors a Risk |
| MonitorRiskControl | Control that monitors another Control |
| MonitorRiskSource | Control that monitors a Risk Source |
| MonitorVulnerabilities | Control that monitors a Risk Vulnerability |
| NationalityDiscrimination | Discrimination based on a person's nationality or citizenship |
| NegotiatingCapacityLoss | Concept representing Negotiating Capacity Loss |
| NonMaterialDamage | Concept representing Non-Material Damage |
| NonNormalityBias | Bias that occurs when the dataset is subject to a different (i |
| NonResponseBias | Bias that occurs when people from certain groups opt-out of surveys at |
| OperationalSecurityRisk | Risks and issues that arise during operational processes |
| OpportunityLoss | Concept representing Opportunity Loss |
| OrganisationalManagementRisk | Concept representing issues and risks associated with the management of |
| OrganisationalRiskConcept | Risk concepts, including any potential risk sources, consequences, or |
| OutGroupHomogeneityBias | Bias that occurs when seeing out-group members as more alike than |
| OverrideControl | Control that aims to override the event with the goal of avoiding its |
| OversightControl | Control that provides oversight for an event in terms of having |
| Payment | Something that acts as or provides payment e |
| PersonalisationDisabled | Concept representing personalisation disabled |
| PersonalisationEnabled | Concept representing personalisation enabled |
| PersonalSafetyEndangerment | Concept representing Personal Safety Endangerment |
| PhishingScam | Concept representing Phishing Scam |
| PhysicalAssault | Concept representing Physical Assault |
| PhysicalHarm | Concept representing physical harm to an individual or individual(s) |
| PhysicalSafety | Concept representing physical safety of individual(s), or group(s), or |
| PolicyRisk | Risks and consequences regarding policy and its associated processes |
| PotentialConsequence | Indicates a concept can potentially be a 'consequence concept within an |
| PotentialImpact | Indicates a concept can potentially be a 'impact' concept within an |
| PotentialRisk | Indicates a concept can potentially be a 'risk' concept within an |
| PotentialRiskSource | Indicates a concept can potentially be a 'risk source' concept within an |
| Privacy | Concept representing privacy of humans at an individual, group, or |
| ProactiveControl | Control that is established or functions before an event occurs |
| PsychologicalHarm | Concept representing Psychological Harm |
| PublicHealthSafety | Concept representing health and safety of the public at large |
| PublicOrderBreach | Concept representing Public Order Breach |
| PublicServicesExclusion | Concept representing exclusion from public services |
| QualityDegraded | Concepts representing risks and issues where Quality is Degraded |
| QualityInconsistent | Concepts representing risks and issues where Quality is Inconsistent |
| QualityInsufficient | Concepts representing risks and issues where Quality is Insufficient |
| QualityRisk | Concept representing risks and issues associated with quality of tasks, |
| QualityUnknown | Concepts representing risks and issues where Quality is Unknown |
| QualityUnverified | Concepts representing risks and issues where Quality is Unverified |
| RacialDiscrimination | Discrimination against individuals because of their racial background or |
| Racism | Prejudice or discrimination against people based on their race |
| ReactiveControl | Control that is established or functions after an event occurs |
| RecoveryControl | Control that aims to restore the context following an event |
| ReduceLikelihood | Control that reduces the likelihood of an event to occur |
| ReduceSeverity | Control that reduces the severity of an event's effects |
| ReductionControl | Control that reduces the effects of an event |
| Reidentification | Concept representing Re-identification |
| ReligiousDiscrimination | Discrimination based on a person's religion or religious beliefs or |
| RemediationControl | Control that aims to fix or remedy the causes of an event to prevent |
| RemoveConsequence | Control that proactively removes the consequence event such that the |
| RemoveImpact | Control that proactively removes the impact event such that the event |
| RemoveSource | Control that proactively removes the risk source such that it is no |
| Remuneration | Something that acts as or provides remuneration which is in monetary or |
| ReputationalLoss | Concept representing Reputational Loss |
| ReputationalRisk | Risks and issues that affect the reputation of the organisation |
| RequirementsBias | Bias that occurs in or during requirements creation |
| ResilienceDegraded | Concepts representing risks and issues where Resilience is Degraded |
| ResilienceInconsistent | Concepts representing risks and issues where Resilience is Inconsistent |
| ResilienceInsufficient | Concepts representing risks and issues where Resilience is Insufficient |
| ResilienceRisk | Concepts representing risks and issues regarding Resilience |
| ResilienceUnknown | Concepts representing risks and issues where Resilience is Unknown |
| ResilienceUnverified | Concepts representing risks and issues where Resilience is Unverified |
| ResolutionControl | Control that aims to resolve an event's effects with the goal of fixing |
| ReversalControl | Control that aims to reverse or undo the effects of an event |
| ReverseDiscrimination | Discrimination against members of a majority or historically dominant |
| Reward | Something that acts as or provides rewards i |
| RightsDenied | The refusal or withholding or denial of the existence or applicability |
| RightsEroded | The gradual weakening or reduction of the scope and protection of rights |
| RightsExercisePrevented | Actions or measures that prevent an individual or group from exercising |
| RightsImpact | Concept representing Impact to Rights |
| RightsLimited | A limitation or restrictions on the scope or exercise of rights |
| RightsObstructed | Interference with or blocking of the exercise of rights |
| RightsUnfulfilled | Failure to meet or complete the fulfilment of rights |
| RightsViolated | The infringement or breach of rights in a manner that constitutes a |
| RiskAcceptance | Entity decision to accept or enable a particular risk |
| RiskAnalysis | A technique or method used to analyse and identify risk levels, sources, |
| RiskAvailabilityBreach | Concept representing a breach of availability |
| RiskConfidentialityBreach | Concept representing a breach of confidentiality |
| RiskControl | Control that modifies risk |
| RiskCriteria | Criteria for determining or evaluating significance of risk |
| RiskDataAggregationBias | Bias that occurs when aggregating data covering different groups of |
| RiskDataBias | Bias that occurs when data properties that if unaddressed lead to |
| RiskDataBreach | Concept representing Data Breach |
| RiskDataRisk | Risks and risk concepts related to data |
| RiskEvaluation | Process determining acceptability or tolerance of risk by comparing risk |
| RiskHealth | Concept representing health of individual(s), or group(s), or society at |
| RiskIdentification | Identification of risks involving identification of risk sources, |
| RiskIdentityVerificationFailure | Concept representing failure to verify identity |
| RiskIncidentAssessmentReport | A report describing the assessment of an incident in terms of its |
| RiskInformativenessBias | Bias that occurs when the mapping between inputs present in the data and |
| RiskIntegrityBreach | Concept representing a breach of integrity |
| RiskManagement | Systematic application of management policies, procedures, and practices |
| RiskMatrix | Compares individual risks by selecting a consequence/ likelihood pair |
| RiskMatrix3x3 | A Risk Matrix with 3 Likelihood, 3 Severity, and 3 Risk Level types |
| RiskMatrix5x5 | A Risk Matrix with 5 Likelihood, 5 Severity, and 5 Risk Level types |
| RiskMatrix7x7 | A Risk Matrix with 7 Likelihood, 7 Severity, and 7 Risk Level types |
| RiskMentalHealth | Concept representing mental health of individual(s), or group(s), or |
| RiskOwner | Entity accountable for managing risk |
| RiskPerception | Perception or view on risk |
| RiskPhysicalHealth | Concept representing physical health of individual(s), or group(s), or |
| RiskRiskAssessment | Assessment of risk involving its identification, analysis, and |
| RiskSecurityAttack | Concept representing an attack on security with the aim of undermining |
| RiskSource | The 'cause' or 'source', which by itself or with another source has the |
| RiskTreatment | Process by which risk is modified and mitigated |
| RiskVulnerability | Intrinsic property of a system or asset that is utilised by the Threat |
| RM3x3S1L1 | Node in a 3x3 Risk Matrix with Risk Severity: Low; Likelihood: Low; and |
| RM3x3S1L2 | Node in a 3x3 Risk Matrix with Risk Severity: Low; Likelihood: Moderate; |
| RM3x3S1L3 | Node in a 3x3 Risk Matrix with Risk Severity: Low; Likelihood: High; and |
| RM3x3S2L1 | Node in a 3x3 Risk Matrix with Risk Severity: Moderate; Likelihood: Low; |
| RM3x3S2L2 | Node in a 3x3 Risk Matrix with Risk Severity: Moderate; Likelihood: |
| RM3x3S2L3 | Node in a 3x3 Risk Matrix with Risk Severity: Moderate; Likelihood: |
| RM3x3S3L1 | Node in a 3x3 Risk Matrix with Risk Severity: High; Likelihood: Low; and |
| RM3x3S3L2 | Node in a 3x3 Risk Matrix with Risk Severity: High; Likelihood: |
| RM3x3S3L3 | Node in a 3x3 Risk Matrix with Risk Severity: High; Likelihood: High; |
| RM5x5S1L1 | Node in a 5x5 Risk Matrix with Risk Severity: Very Low; Likelihood: Very |
| RM5x5S1L2 | Node in a 5x5 Risk Matrix with Risk Severity: Very Low; Likelihood: Low; |
| RM5x5S1L3 | Node in a 5x5 Risk Matrix with Risk Severity: Very Low; Likelihood: |
| RM5x5S1L4 | Node in a 5x5 Risk Matrix with Risk Severity: Very Low; Likelihood: |
| RM5x5S1L5 | Node in a 5x5 Risk Matrix with Risk Severity: Very Low; Likelihood: Very |
| RM5x5S2L1 | Node in a 5x5 Risk Matrix with Risk Severity: Low; Likelihood: Very Low; |
| RM5x5S2L2 | Node in a 5x5 Risk Matrix with Risk Severity: Low; Likelihood: Low; and |
| RM5x5S2L3 | Node in a 5x5 Risk Matrix with Risk Severity: Low; Likelihood: Moderate; |
| RM5x5S2L4 | Node in a 5x5 Risk Matrix with Risk Severity: Low; Likelihood: High; and |
| RM5x5S2L5 | Node in a 5x5 Risk Matrix with Risk Severity: Low; Likelihood: Very |
| RM5x5S3L1 | Node in a 5x5 Risk Matrix with Risk Severity: Moderate; Likelihood: Very |
| RM5x5S3L2 | Node in a 5x5 Risk Matrix with Risk Severity: Moderate; Likelihood: Low; |
| RM5x5S3L3 | Node in a 5x5 Risk Matrix with Risk Severity: Moderate; Likelihood: |
| RM5x5S3L4 | Node in a 5x5 Risk Matrix with Risk Severity: Moderate; Likelihood: |
| RM5x5S3L5 | Node in a 5x5 Risk Matrix with Risk Severity: Moderate; Likelihood: Very |
| RM5x5S4L1 | Node in a 5x5 Risk Matrix with Risk Severity: High; Likelihood: Very |
| RM5x5S4L2 | Node in a 5x5 Risk Matrix with Risk Severity: High; Likelihood: Low; and |
| RM5x5S4L3 | Node in a 5x5 Risk Matrix with Risk Severity: High; Likelihood: |
| RM5x5S4L4 | Node in a 5x5 Risk Matrix with Risk Severity: High; Likelihood: High; |
| RM5x5S4L5 | Node in a 5x5 Risk Matrix with Risk Severity: High; Likelihood: Very |
| RM5x5S5L1 | Node in a 5x5 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RM5x5S5L2 | Node in a 5x5 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RM5x5S5L3 | Node in a 5x5 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RM5x5S5L4 | Node in a 5x5 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RM5x5S5L5 | Node in a 5x5 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RM7x7S1L1 | Node in a 7x7 Risk Matrix with Risk Severity: Extremely Low; Likelihood: |
| RM7x7S1L2 | Node in a 7x7 Risk Matrix with Risk Severity: Extremely Low; Likelihood: |
| RM7x7S1L3 | Node in a 7x7 Risk Matrix with Risk Severity: Extremely Low; Likelihood: |
| RM7x7S1L4 | Node in a 7x7 Risk Matrix with Risk Severity: Extremely Low; Likelihood: |
| RM7x7S1L5 | Node in a 7x7 Risk Matrix with Risk Severity: Extremely Low; Likelihood: |
| RM7x7S1L6 | Node in a 7x7 Risk Matrix with Risk Severity: Extremely Low; Likelihood: |
| RM7x7S1L7 | Node in a 7x7 Risk Matrix with Risk Severity: Extremely Low; Likelihood: |
| RM7x7S2L1 | Node in a 7x7 Risk Matrix with Risk Severity: Very Low; Likelihood: |
| RM7x7S2L2 | Node in a 7x7 Risk Matrix with Risk Severity: Very Low; Likelihood: Very |
| RM7x7S2L3 | Node in a 7x7 Risk Matrix with Risk Severity: Very Low; Likelihood: Low; |
| RM7x7S2L4 | Node in a 7x7 Risk Matrix with Risk Severity: Very Low; Likelihood: |
| RM7x7S2L5 | Node in a 7x7 Risk Matrix with Risk Severity: Very Low; Likelihood: |
| RM7x7S2L6 | Node in a 7x7 Risk Matrix with Risk Severity: Very Low; Likelihood: Very |
| RM7x7S2L7 | Node in a 7x7 Risk Matrix with Risk Severity: Very Low; Likelihood: |
| RM7x7S3L1 | Node in a 7x7 Risk Matrix with Risk Severity: Low; Likelihood: Extremely |
| RM7x7S3L2 | Node in a 7x7 Risk Matrix with Risk Severity: Low; Likelihood: Very Low; |
| RM7x7S3L3 | Node in a 7x7 Risk Matrix with Risk Severity: Low; Likelihood: Low; and |
| RM7x7S3L4 | Node in a 7x7 Risk Matrix with Risk Severity: Low; Likelihood: Moderate; |
| RM7x7S3L5 | Node in a 7x7 Risk Matrix with Risk Severity: Low; Likelihood: High; and |
| RM7x7S3L6 | Node in a 7x7 Risk Matrix with Risk Severity: Low; Likelihood: Very |
| RM7x7S3L7 | Node in a 7x7 Risk Matrix with Risk Severity: Low; Likelihood: Extremely |
| RM7x7S4L1 | Node in a 7x7 Risk Matrix with Risk Severity: Moderate; Likelihood: |
| RM7x7S4L2 | Node in a 7x7 Risk Matrix with Risk Severity: Moderate; Likelihood: Very |
| RM7x7S4L3 | Node in a 7x7 Risk Matrix with Risk Severity: Moderate; Likelihood: Low; |
| RM7x7S4L4 | Node in a 7x7 Risk Matrix with Risk Severity: Moderate; Likelihood: |
| RM7x7S4L5 | Node in a 7x7 Risk Matrix with Risk Severity: Moderate; Likelihood: |
| RM7x7S4L6 | Node in a 7x7 Risk Matrix with Risk Severity: Moderate; Likelihood: Very |
| RM7x7S4L7 | Node in a 7x7 Risk Matrix with Risk Severity: Moderate; Likelihood: |
| RM7x7S5L1 | Node in a 7x7 Risk Matrix with Risk Severity: High; Likelihood: |
| RM7x7S5L2 | Node in a 7x7 Risk Matrix with Risk Severity: High; Likelihood: Very |
| RM7x7S5L3 | Node in a 7x7 Risk Matrix with Risk Severity: High; Likelihood: Low; and |
| RM7x7S5L4 | Node in a 7x7 Risk Matrix with Risk Severity: High; Likelihood: |
| RM7x7S5L5 | Node in a 7x7 Risk Matrix with Risk Severity: High; Likelihood: High; |
| RM7x7S5L6 | Node in a 7x7 Risk Matrix with Risk Severity: High; Likelihood: Very |
| RM7x7S5L7 | Node in a 7x7 Risk Matrix with Risk Severity: High; Likelihood: |
| RM7x7S6L1 | Node in a 7x7 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RM7x7S6L2 | Node in a 7x7 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RM7x7S6L3 | Node in a 7x7 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RM7x7S6L4 | Node in a 7x7 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RM7x7S6L5 | Node in a 7x7 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RM7x7S6L6 | Node in a 7x7 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RM7x7S6L7 | Node in a 7x7 Risk Matrix with Risk Severity: Very High; Likelihood: |
| RM7x7S7L1 | Node in a 7x7 Risk Matrix with Risk Severity: Extremely High; |
| RM7x7S7L2 | Node in a 7x7 Risk Matrix with Risk Severity: Extremely High; |
| RM7x7S7L3 | Node in a 7x7 Risk Matrix with Risk Severity: Extremely High; |
| RM7x7S7L4 | Node in a 7x7 Risk Matrix with Risk Severity: Extremely High; |
| RM7x7S7L5 | Node in a 7x7 Risk Matrix with Risk Severity: Extremely High; |
| RM7x7S7L6 | Node in a 7x7 Risk Matrix with Risk Severity: Extremely High; |
| RM7x7S7L7 | Node in a 7x7 Risk Matrix with Risk Severity: Extremely High; |
| RobustnessDegraded | Concepts representing risks and issues where Robustness is Degraded |
| RobustnessInconsistent | Concepts representing risks and issues where Robustness is Inconsistent |
| RobustnessInsufficient | Concepts representing risks and issues where Robustness is Insufficient |
| RobustnessRisk | Concepts representing risks and issues where Robustness is Risk |
| RobustnessUnknown | Concepts representing risks and issues where Robustness is Unknown |
| RobustnessUnverified | Concepts representing risks and issues where Robustness is Unverified |
| RuleBasedSystemDesign | Bias that occurs due to developer experience and expert advice having a |
| Sabotage | Concept representing Sabotage |
| Safety | Concept representing safety of individual(s), or group(s), or society at |
| SamplingBias | Bias that occurs when data records are not collected randomly from the |
| Scam | Concept representing Scam |
| SecurityBreach | Concept representing Security Breach |
| SecurityQualityDegraded | Concepts representing risks and issues where Quality of Security is |
| SecurityQualityInconsistent | Concepts representing risks and issues where Quality of Security is |
| SecurityQualityInsufficient | Concepts representing risks and issues where Quality of Security is |
| SecurityQualityRisk | Concepts representing risks and issues where Quality of Security is Risk |
| SecurityQualityUnknown | Concepts representing risks and issues where Quality of Security is |
| SecurityQualityUnverified | Concepts representing risks and issues where Quality of Security is |
| SelectionBias | Bias that occurs when a dataset's samples are chosen in a way that is |
| ServiceAlternativeOffered | Concept representing service alternative offered |
| ServiceCostIncreased | Concept representing service cost increased |
| ServiceDenied | Concept representing service denied |
| ServiceLimited | Concept representing service limited |
| ServiceNotProvided | Concept representing service not provided |
| ServicePartiallyProvided | Concept representing service partially provided |
| ServiceProvided | Concept representing service provided |
| ServiceProvisionDelayed | Concept representing service provision delayed |
| ServiceQualityReduced | Concept representing service quality reduced |
| ServiceRelatedConsequence | A consequence related to the provision of a service |
| ServiceSecurityReduced | Concept representing service security reduced |
| ServiceTermination | Concept representing service termination |
| SexDiscrimination | Discrimination based on a person's biological sex |
| Sexism | Discrimination based on a person's sex or gender, typically involving |
| SexualHarassment | Concept representing sexual harassment of individual(s) |
| SexualOrientationDiscrimination | Discrimination based on a person's sexual orientation, typically against |
| SexualViolence | Concept representing Sexual Violence |
| ShareControl | Control that aims to share or distribute the event (or risk) with |
| ShareRisk | Risk Mitigation Measure that shares Risk e |
| SimpsonsParadoxBias | Bias that occurs when a trend that is indicated in individual groups of |
| SocialDisadvantage | Concept representing Social Disadvantage |
| SocietalBias | Bias that occurs when similar cognitive bias (conscious or unconscious) |
| SocietalHealthSafety | Concept representing health and safety of society at large |
| SocietalRiskConcept | Risk concepts, including any potential risk sources, consequences, or |
| SourceControl | Risk control for managing risk sources |
| Spoofing | Concept representing Spoofing |
| StaffIncompetence | Concept representing incompetence of staff |
| StatisticalBias | Bias that occurs as the type of consistent numerical offset in an |
| SubstitutionControl | Control that substitutes an event with another such that the initial |
| SystemFailure | Concept representing System Failure |
| SystemIntrusion | Concept representing System Intrusion |
| SystemMalfunction | Concept representing System Malfunction |
| TaskExecutionIncorrect | Concept representing incorrect execution of task(s) |
| TaskExecutionRisk | Concept representing risks and issues associated with execution of |
| TaskOmitted | Concept representing omission of task(s) |
| TaskTimingIncorrect | Concept representing incorrect timing for task(s) i |
| TechnicalRiskConcept | Risk concepts, including any potential risk sources, consequences, or |
| TechnologyOverreliance | Concept representing the case where an entity, including individuals, |
| Terrorism | Concept representing Terrorism |
| Threat | Risk source event which causes Risk |
| ThreatSource | Source of threat event, including both agent and non-agent sources |
| TransferControl | Control that aims to transfer the event (or risk) to another context or |
| TransparencyControl | Control that provides information about an event |
| Transphobia | Hostility or prejudice against transgender people or those perceived as |
| TrustLoss | Concept representing Trust Loss |
| UnauthorisedAccessToPremises | Concept representing Unauthorised Access to Premises |
| UnauthorisedActivity | Concept representing Unauthorised Activity |
| UnauthorisedCodeAccess | Concept representing Unauthorised Code Access |
| UnauthorisedCodeDisclosure | Concept representing Unauthorised Code Disclosure |
| UnauthorisedCodeModification | Concept representing Unauthorised Code Modification |
| UnauthorisedDataAccess | Concept representing Unauthorised Data Access |
| UnauthorisedDataDisclosure | Concept representing Unauthorised Data Disclosure |
| UnauthorisedDataModification | Concept representing Unauthorised Data Modification |
| UnauthorisedInformationDisclosure | Concept representing Unauthorised Information Disclosure |
| UnauthorisedReidentification | Concept representing Unauthorised Re-Identification |
| UnauthorisedResourceUse | Concept representing Unauthorised Resource Use |
| UnauthorisedSystemAccess | Concept representing Unauthorised System Access |
| UnauthorisedSystemModification | Concept representing Unauthorised System Modification |
| UnfavourableTreatment | A treatment is unfavourable when the person(s) is treated poorly or less |
| UnwantedCodeDeletion | Concept representing Unwanted Code Deletion |
| UnwantedDataDeletion | Concept representing Unwanted Data Deletion |
| UnwantedDisclosureData | Concept representing Unwanted Disclosure of Data |
| UserRisks | Concepts associated with risks that arise due to User or Human use |
| VeryHighLikelihood | Level where Likelihood is Very High |
| VeryHighRisk | Level where Risk is Very High |
| VeryHighSeverity | Level where Severity is Very High |
| VeryLowLikelihood | Level where Likelihood is Very Low |
| VeryLowRisk | Level where Risk is Very Low |
| VeryLowSeverity | Level where Severity is Very Low |
| ViolatingCodeOfConduct | Concept representing Violation of Code of Conduct |
| ViolatingContractualObligation | Concept representing Violation of Contractual Obligations |
| ViolatingEthicsCode | Concept representing Violation of Ethics Code |
| ViolatingLegalObligation | Concept representing Violation of Legal Obligations |
| ViolatingObligation | Something that acts as a or violates an obligation - e |
| ViolatingPolicy | Concept representing violation of policy which can be either internal or |
| ViolatingProhibition | Something that acts as a or violates a prohibition - e |
| ViolatingStatutoryObligations | Concept representing Violation of Statutory Obligations |
| ViolenceAgainstChildren | Concept representing Child Violence |
| VulnerabilityExploitation | Concept representing Vulnerability Exploitation |
| Wellbeing | Concept representing wellbeing of individual(s) |
| WorkplaceDiscrimination | Discrimination occurring at workplace or in the context of work |
Slots in subset
| Slot | Description |
|---|---|
| avoids | Indicates the event or action is avoided by the specified control |
| caused_by_threat | Indicates the cause of associated context (subject) was the indicated |
| caused_by_vulnerability | Indicates the associated context (subject) is caused by the indicated |
| contains | Indicates the specified event or action is contained by this control |
| controls | Indicates this control manages specified risk concept event or action, |
| detects | Indicates the specified event or action is detected by this control |
| eliminates | Indicates the specified event or action is eliminated by this control |
| exploits_vulnerability | Indicates the threat (subject) exploits the indicated vulnerability |
| has_control | Indicates the use of specified control |
| has_incident | Indicates an incident is associated with the specified context |
| has_risk_acceptance | Associates the risk acceptance plan or process or criteria |
| has_risk_analysis | Associates the risk analysis |
| has_risk_criteria | Associates the risk criteria |
| has_risk_evaluation | Associates the risk evaluation plan or process or criteria |
| has_risk_identification | Associates the risk identification plan or process or criteria |
| has_risk_management | Associates the risk management plan or process |
| has_risk_owner | Indicates the risk owner |
| has_risk_perception | Associates the risk perception plan or process or criteria |
| has_risk_source | Indicates the risk (subject) has the indicated risk source (object) |
| has_risk_treatment | Associates the risk treatment plan or process or criteria |
| has_threat_source | Indicates the threat (subject) has the indicated source (object) |
| has_vulnerability | Indicates the associated context (subject) has indicated vulnerability |
| identifies | Indicates the specified event or action is identified by this control |
| interrupts | Indicates the specified event or action is interrupted by this control |
| intervenes | Indicates the specified event or action is intervened by this control |
| investigates | Indicates the specified event or action is investigated by this control |
| is_exploited_by | Indicates the vulnerability (subject) is exploited by the indicated |
| is_vulnerability_of | Indicates the vulnerability (subject) is associated with indicated |
| logs | Indicates the specified event or action is logged by this control |
| mitigates | Indicates the specified event or action is mitigated by this control |
| modifies | Indicates the specified event or action is modified by this control |
| monitors | Indicates the specified event or action is monitored by this control |
| overrides | Indicates the specified event or action is overridden by this control |
| recovers | Indicates the specified event or action is recovered from by this |
| reduces | Indicates the specified event or action is reduced by this control |
| refers_to_risk | Indicates the incident (subject) is a materialisation of the indicated |
| remedies | Indicates the specified event or action is remedied by this control |
| resolves | Indicates the specified event or action is resolved by this control |
| reverses | Indicates the specified event or action is reversed by this control |
| risk_has_risk_assessment | Associates the risk assessment |
| shares | Indicates the specified event or action is shared with another context |
| substitutes | Indicates the specified event or action is substituted by this control |
| transfers | Indicates the specified event or action is transferred to another |