An object that represents an identified Risk as the result of an Assessment. The collection of Risk objects in JupiterOne make up the Risk Register. A Control may have a MITIGATES relationship to a Risk.
Includes properties from:
assessment (string) - Optional¶
The name/id of the assessment that produced this risk.
category (string) - Optional¶
The category (or area) of the risk. For example, ‘process maturity’ or ‘natural disaster’.
probability (integer) - Required¶
Probability rating of the risk: ‘3: high/certain’, ‘2: medium/likely’, ‘1: low/unlikely’, ‘0: none/negligible’.
impact (integer) - Required¶
Impact rating. ‘3: high/severe’, ‘2: medium/moderate’, ‘1: low/minor’, ‘0: none/insignificant’.
score (integer) - Required¶
Overall Risk Score = Probability x Impact
details (string) - Optional¶
Additional details to describe the risk.
mitigation (string) - Optional¶
Description of the mitigation, either planned or implemented, if applicable.
status (string) - Required¶
Current status of this documented risk. Default status is open.