Adding a custom risk
If you have a risk that is not in the library, do the following to add a custom risk to an assessment:
- Click the Menu button and select Risks.
- If the list of risk assessments is currently collapsed, click Expand.
- Click the square box at the left of the risk assessment to select it.
- Click the three-dots icon on the risk assessment and select Add asset-based risk.
- Select an asset or an asset class that the risk applies to (e.g. client data).
- Click Select threats and select the threat that applies (e.g. data breach).
- Click Select vulnerabilities and pick the vulnerability that causes the asset to be open to the threat (e.g. compromise of security).
- Select Risk applies to and choose the combination of confidentiality, integrity and availability that the risk will endanger.
- Click Assess initial risk to organisations and place a tick mark on the grid, showing the likelihood and impact of the risk for the organisation (note that this is the risk before mitigation).
- Where applicable, click Assess initial risk to data subject and place a tick mark on the grid, showing the likelihood and impact of the risk for data subjects.
- Click Set response and select an option.
- If your response to a risk involves a control, click Select controls and choose the control you are using to mitigate the risk. The list of controls will be from the set that you chose when you created the risk assessment, which should be from ISO 27001. See the next section for more details on controls.
- Click Review residual risk to organisations and place a tick mark on the grid, showing the remaining likelihood and impact of the risk for the organisation once mitigation has been applied.
- Click Review residual risk to data subjects and place a tick mark on the grid, showing the remaining likelihood and impact of the risk for data subjects once mitigation has been applied.
- Click Finalise risk. Note that CyberComply will assign a unique ID to the risk. If you’d prefer that the ID was something specific rather than the default, you can change it here. You can also assign an owner to the risk here.
- Click Save and close.
Updated on: 17/06/2024