Update Risk Register

 

 

Purpose: Build a comprehensive risk register that captures identified threats, vulnerabilities, and business risks, leveraging AI-powered recommendations and Crown Jewel relationships to ensure accurate prioritization and business alignment.

 

What You'll Work With

The Risk Register serves as your central repository for all organizational risks, automatically populated with AI-generated recommendations while allowing for manual additions and customization.

 

Risk Register Structure

Each risk entry contains comprehensive information to support informed decision-making:

  • Risk Name: Clear identification of the specific threat or vulnerability
  • Discovery Date: When the risk was first identified or imported into the system
  • Risk Type: Category of the risk, covering man-made, environmental, and organizational types, such as Ransomware, System Intrusion, Non-Compliance, or Civil Unrest
  • Related Assets: Specific systems, applications, or infrastructure components affected
  • Crown Jewel Relationship: Connection to your most critical business assets
  • Business Impact: Assessment of potential organizational consequences
  • Risk Rating: Overall risk level determined through impact and likelihood analysis

 

Risk Scoring Methodology

Enveedo uses a quantitative approach to calculate risk ratings based on multiple factors that ensure risks are prioritized according to their actual business impact and probability of occurrence.

 

Core Risk Calculation Formula

 

Risk Score = Likelihood × Impact

 

Scoring Components

Likelihood Assessment (1-5 Scale)

  • 1 - Very Low: Extremely unlikely to occur (0-5% probability)
  • 2 - Low: Unlikely to occur (6-25% probability)
  • 3 - Medium: Possible to occur (26-50% probability)
  • 4 - High: Likely to occur (51-75% probability)
  • 5 - Very High: Almost certain to occur (76-100% probability)

 

Impact Assessment (1-5 Scale)

  • 1 - Very Low: Minimal business disruption, negligible financial impact
  • 2 - Low: Minor business disruption, limited financial impact
  • 3 - Medium: Moderate business disruption, noticeable financial impact
  • 4 - High: Significant business disruption, substantial financial impact
  • 5 - Very High: Severe business disruption, major financial impact

 

Final Risk Rating Classification

The calculated risk score is mapped to standardized risk levels for consistent organizational communication:

  • 1.0 - 4.0: Low Risk (Green)
  • 4.1 - 8.0: Medium Risk (Yellow)
  • 8.1 - 12.0: High Risk (Orange)
  • 12.1 - 25.0: Critical Risk (Red)
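
The scoring steps above, worked through as an added example (this is not Enveedo's code). The function names, the inclusive upper bounds used for values that fall between two listed ranges, and the sample register are assumptions; Crown Jewel prioritization is not modeled because the page gives no formula for it.

```python
from collections import Counter
from dataclasses import dataclass

# Inclusive upper bounds taken from the page's tables (assumption: a value
# between two listed ranges, e.g. 5.5% or a score of 4.05, takes the higher one).
LIKELIHOOD_BOUNDS = [(5, 1), (25, 2), (50, 3), (75, 4), (100, 5)]
RATING_BANDS = [(4.0, "Low"), (8.0, "Medium"), (12.0, "High"), (25.0, "Critical")]

def likelihood_from_probability(percent):
    """Map an estimated probability of occurrence (0-100%) to the 1-5 scale."""
    if not 0 <= percent <= 100:
        raise ValueError(f"probability out of range: {percent}")
    return next(level for upper, level in LIKELIHOOD_BOUNDS if percent <= upper)

def classify(score):
    """Map a risk score (1-25) to its rating band."""
    if not 1 <= score <= 25:
        raise ValueError(f"score out of range: {score}")
    return next(label for upper, label in RATING_BANDS if score <= upper)

@dataclass
class Risk:
    name: str
    probability: float  # estimated probability of occurrence, in percent
    impact: int         # 1-5 impact level

    def score(self):
        """Risk Score = Likelihood x Impact, rejecting off-scale impact values."""
        if self.impact not in range(1, 6):
            raise ValueError(f"impact must be 1-5: {self.impact}")
        return likelihood_from_probability(self.probability) * self.impact

def prioritize(risks):
    """Return (name, score, rating) rows, highest score first."""
    rows = [(r.name, r.score(), classify(r.score())) for r in risks]
    return sorted(rows, key=lambda row: row[1], reverse=True)

def band_sizes():
    """Count how many of the 25 likelihood x impact cells fall in each band."""
    return Counter(classify(l * i) for l in range(1, 6) for i in range(1, 6))

# Constructed sample register (not real data).
SAMPLE_REGISTER = [
    Risk("Civil Unrest", probability=4, impact=4),
    Risk("Ransomware", probability=60, impact=5),
    Risk("System Intrusion", probability=25, impact=4),
    Risk("Non-Compliance", probability=30, impact=3),
]
```

`band_sizes()` shows how the 5×5 matrix is distributed across the bands: 8 cells rate Low, 6 Medium, 5 High, and 6 Critical.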

 

Business Context Integration

The risk scoring methodology automatically incorporates your Crown Jewel Analysis results to ensure that risks affecting your most critical business assets receive appropriate priority in security planning and resource allocation decisions.

Each risk entry also tracks how the risk is being handled:

  • Status: Current management state indicating progress on risk treatment
  • Risk Treatment: Planned approach for addressing the risk
  • Associated Tasks: Specific action items for risk remediation

 

Data Sources for Risk Population

AI-Generated Risk Recommendations

The platform automatically suggests risks tailored to your organization based on your business profile, Crown Jewel Analysis results, and security stack configuration. These AI-powered recommendations help ensure comprehensive risk coverage without manual research.

 

Manual Risk Entry

Add organization-specific risks that may not be captured through automated processes, including operational concerns, regulatory changes, or strategic business risks identified by stakeholders.

 

Updating Your Risk Register

 

Review AI Recommendations

Examine the system-generated risks that appear based on your organizational profile and Crown Jewel priorities. These recommendations draw from industry analysis and common attack patterns relevant to your business context.

 

Add Business Context

Connect new risks to your Crown Jewel assets to ensure proper prioritization. Risks affecting Critical-priority Crown Jewels automatically receive elevated attention in your security planning.

 

Assess Business Impact

Evaluate the potential consequences of each risk based on your organization's specific operational requirements and tolerance levels. Consider financial, operational, regulatory, and reputational impacts.

 

Determine Risk Treatment

Select the appropriate approach for each risk:

  • Mitigate: Implement controls to reduce likelihood or impact
  • Accept: Acknowledge risks within acceptable tolerance levels
  • Transfer: Use insurance or contractual arrangements to shift risk
  • Avoid: Eliminate risks through process or technology changes

 

 

Crown Jewel Integration Benefits

The system uses your Crown Jewel Analysis to enhance risk management effectiveness by automatically prioritizing risks that could impact your most critical assets, ensuring security investments align with business priorities, and providing clear visibility into threats against your most valuable organizational resources.

 

Risk Register Outputs

Your completed Risk Register provides centralized visibility into all organizational risks, prioritized recommendations for security investments, comprehensive documentation for compliance and audit purposes, and integrated task management for risk treatment activities.

 
