RiskCatalog

Experimental

A RiskCatalog is a structured collection of documented risks that may affect an organization,

metadata object Required

groups array[RiskCategory]

groups narrows the base groups to risk categories with appetite and severity boundaries

risks array[Risk]

risks is a list of risks defined by this catalog

RiskCategory

Experimental

RiskCategory describes a grouping of risks and defines appetite boundaries

appetite RiskAppetite Required

appetite defines the acceptable level of risk for this category

max-severity Severity

max-severity defines the risk tolerance boundary: the highest severity

Severity

Severity defines the assessed level of a risk based on its potential impact and likelihood

  • Type: string

RiskAppetite

RiskAppetite defines the acceptable level of exposure for a risk category

  • Type: string

Risk

Experimental

A Risk represents the potential for negative impact resulting from one or more threats.

description string Required

description explains the risk scenario

group string Required

group references by id a catalog group that this risk belongs to

id string Required

id allows this risk to be referenced by other elements

severity Severity Required

severity describes the assessed level of this risk

title string Required

title describes the risk

impact string

impact describes the business or operational impact

owner RACI

owner defines the RACI roles responsible for managing this risk

threats array[MultiEntryMapping]

threats link this risk to Layer 2 threats
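The relationships above (risks referencing a group by id, groups carrying an appetite and an optional max-severity boundary) are easiest to see when a catalog instance is actually checked against them. The following Python validator is an added example written for this page, not code from the project that defines this schema. It assumes a catalog group carries an `id` field (the page only says a risk "references by id a catalog group"), assumes an ordering of Severity values (the page gives only "Type: string"), and embeds a constructed sample catalog with three deliberate defects; the `owner` and `threats` fields are left out because RACI and MultiEntryMapping are not defined on this page.

```python
"""Structural validator for a RiskCatalog instance (added example, not project code)."""

# Assumed ordering of Severity values, lowest to highest; the page only fixes the type (string).
SEVERITY_ORDER = ["low", "medium", "high", "critical"]

# Required fields of a Risk, as listed on the page.
REQUIRED_RISK_FIELDS = ("id", "title", "description", "group", "severity")

# Constructed sample catalog (not from the page). It contains three defects on purpose:
# R-002 exceeds its group's max-severity, R-003 references an undefined group,
# and the last entry reuses the id R-001.
SAMPLE_CATALOG = {
    "metadata": {"id": "example-catalog", "title": "Example risk catalog"},
    "groups": [
        {"id": "supply-chain", "title": "Software supply chain",
         "appetite": "low", "max-severity": "medium"},
        {"id": "identity", "title": "Identity and access",
         "appetite": "moderate"},  # no max-severity: no tolerance boundary to enforce
    ],
    "risks": [
        {"id": "R-001", "title": "Unverified dependency",
         "description": "A third-party package is pulled without provenance checks.",
         "group": "supply-chain", "severity": "medium",
         "impact": "Malicious code could reach production builds."},
        {"id": "R-002", "title": "Compromised build pipeline",
         "description": "Build infrastructure is altered to inject code into artifacts.",
         "group": "supply-chain", "severity": "critical"},
        {"id": "R-003", "title": "Stale administrative accounts",
         "description": "Privileged accounts of departed staff remain active.",
         "group": "networking", "severity": "high"},
        {"id": "R-001", "title": "Duplicate identifier",
         "description": "An id collision that would break cross-references.",
         "group": "identity", "severity": "low"},
    ],
}


def severity_rank(value):
    """Return the position of a Severity string in SEVERITY_ORDER, or None if unknown."""
    try:
        return SEVERITY_ORDER.index(str(value).lower())
    except ValueError:
        return None


def validate_catalog(catalog):
    """Check a RiskCatalog dict and return a list of human-readable error strings.

    Checks: required metadata, required fields on each risk, unique risk ids,
    group references that resolve, an appetite on every group, known severity
    values, and severity within the group's max-severity where one is declared.
    """
    errors = []
    if "metadata" not in catalog:
        errors.append("catalog: missing required field metadata")

    # Index groups by id (assumed field) and verify each has the required appetite.
    groups = {}
    for group in catalog.get("groups", []):
        gid = group.get("id")
        if gid is None:
            errors.append("group: missing id")
            continue
        if "appetite" not in group:
            errors.append(f"group {gid}: missing required field appetite")
        groups[gid] = group

    seen_ids = set()
    for risk in catalog.get("risks", []):
        rid = risk.get("id", "<no id>")
        for field in REQUIRED_RISK_FIELDS:
            if field not in risk:
                errors.append(f"risk {rid}: missing required field {field}")
        if "id" in risk:
            if rid in seen_ids:
                errors.append(f"risk {rid}: duplicate id")
            seen_ids.add(rid)

        group = groups.get(risk.get("group"))
        if "group" in risk and group is None:
            errors.append(f"risk {rid}: group {risk['group']!r} is not defined in groups")

        rank = severity_rank(risk.get("severity"))
        if "severity" in risk and rank is None:
            errors.append(f"risk {rid}: unknown severity {risk['severity']!r}")
        elif rank is not None and group is not None and "max-severity" in group:
            bound = severity_rank(group["max-severity"])
            if bound is not None and rank > bound:
                errors.append(
                    f"risk {rid}: severity {risk['severity']} exceeds "
                    f"max-severity {group['max-severity']} of group {group['id']}"
                )
    return errors


if __name__ == "__main__":
    for problem in validate_catalog(SAMPLE_CATALOG):
        print(problem)
```

Running the script prints the three planted defects; an empty list from `validate_catalog` means the catalog satisfies the structural rules on this page. The max-severity check is the one that turns the category's tolerance boundary into something enforceable: a risk assessed above the boundary of its group is flagged rather than silently accepted.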