⚠️ Risk Management (MVP)

What It Does

Simple risk register for tracking cybersecurity risks and getting board acceptance where needed.

Core Features

1. Risk Register

  • Add risks as discovered
  • Rate likelihood and impact (1-5)
  • Automatic risk score calculation
  • Track treatment plans

2. Risk Ownership

  • Assign risk owner
  • Set review dates
  • Track mitigation progress
  • Escalate if needed

3. Board Acceptance

  • Some risks can't be fixed immediately
  • Document why and compensating controls
  • Get formal board acceptance
  • Time-bound (review in 6-12 months)

Risk Workflow

  1. Identify Risk

    • Found during E8 assessment
    • Reported by staff
    • Industry alerts

  2. Assess Risk

    • How likely? (1-5)
    • How bad if it happens? (1-5)
    • Risk score = Likelihood × Impact

  3. Decide Treatment

    • Fix it (implement controls)
    • Transfer it (insurance/outsource)
    • Accept it (board approval needed)
    • Avoid it (stop the activity)

  4. Track Progress

    • Monthly updates
    • Show in dashboards
    • Report to board
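
The workflow above as a small register model, added here as an illustration and not taken from the product's own code. The field names, the escalation rules and the 365-day reading of the 12-month review limit are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from enum import Enum
from typing import Optional

# The four treatment options from the workflow.
Treatment = Enum("Treatment", "FIX TRANSFER ACCEPT AVOID")

@dataclass
class Risk:
    title: str
    owner: str
    likelihood: int        # 1-5
    impact: int            # 1-5
    treatment: Treatment
    review_date: date
    board_accepted_on: Optional[date] = None
    compensating_controls: str = ""

    def __post_init__(self):
        if not all(v in range(1, 6) for v in (self.likelihood, self.impact)):
            raise ValueError("likelihood and impact must be whole numbers 1-5")

    @property
    def score(self) -> int:
        return self.likelihood * self.impact

def issues(risk: Risk, today: date) -> list:
    # Workflow problems that should be escalated (rules are assumptions).
    found = ["review overdue"] if risk.review_date < today else []
    if risk.treatment is Treatment.ACCEPT:
        if not risk.compensating_controls:
            found.append("no compensating controls documented")
        if risk.board_accepted_on is None:
            found.append("no board acceptance on record")
        elif risk.review_date > risk.board_accepted_on + timedelta(days=365):
            found.append("acceptance review set more than 12 months out")
    return found

def escalation_queue(register: list, today: date) -> list:
    # (title, score, issues) for each flagged risk, highest score first.
    flagged = [(r.title, r.score, issues(r, today)) for r in register]
    return sorted((f for f in flagged if f[2]), key=lambda f: -f[1])

# Constructed sample register; titles reuse this page's example risks.
SAMPLE = [
    Risk("No MFA on critical systems", "IT manager", 4, 5, Treatment.FIX, date(2024, 3, 1)),
    Risk("No offline backups", "CFO", 2, 5, Treatment.ACCEPT, date(2025, 1, 31)),
    Risk("Unpatched systems", "IT manager", 3, 4, Treatment.ACCEPT, date(2024, 12, 1),
         date(2024, 6, 1), "EDR on all hosts"),
]
```

Calling `escalation_queue(SAMPLE, date(2024, 7, 1))` flags the overdue MFA risk and the backup risk that was marked accepted without board sign-off, and leaves the properly accepted patching risk out of the queue.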

Common Cyber Risks (Examples)

  • Unpatched systems
  • No MFA on critical systems
  • Weak password policies
  • No offline backups
  • Admin access too broad

Business Value

  • Know your risks
  • Prioritize fixes
  • Document board decisions
  • Show improvement over time

Simple risk register. Clear decisions. Audit trail.