Risk Register
Structure
Each risk entry includes:
- Risk ID
- Asset
- Scenario
- Likelihood
- Impact
- Risk Level
- Associated Controls
Example Entry
Risk ID: R-01
Asset: VPS
Scenario: Unauthorized administrative access
Likelihood: Medium
Impact: High
Risk Level: High
Associated Controls:
- SSH hardening
- Key-based authentication
- Firewall restrictions
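The entry structure above can be checked mechanically whenever the register is reviewed. The following is an added example, not part of the original register: it parses one entry in the "Field: value" layout shown above and reports missing, empty or unknown fields. The function names, the Low/Medium/High scale and the R-02 sample entry are assumptions made for illustration.

```python
REQUIRED_FIELDS = ["Risk ID", "Asset", "Scenario", "Likelihood",
                   "Impact", "Risk Level", "Associated Controls"]
# Assumption: a Low/Medium/High scale (the page only shows Medium and High).
LEVELS = ("Low", "Medium", "High")
LEVEL_FIELDS = ("Likelihood", "Impact", "Risk Level")

def parse_entry(text):
    """Parse 'Field: value' lines; '- item' lines extend a field left empty."""
    entry, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("- "):
            if not isinstance(entry.get(current), list):
                raise ValueError(f"list item outside a list field: {line!r}")
            entry[current].append(line[2:].strip())
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not a 'Field: value' line: {line!r}")
        current = name.strip()
        entry[current] = value.strip() or []  # empty value starts a list
    return entry

def validate_entry(entry):
    """Return a list of problems; an empty list means the entry is complete."""
    problems = [f"missing field: {f}" for f in REQUIRED_FIELDS if f not in entry]
    problems += [f"unknown field: {f}" for f in entry if f not in REQUIRED_FIELDS]
    for f in (f for f in REQUIRED_FIELDS[:-1] if f in entry):
        if not isinstance(entry[f], str):
            problems.append(f"{f} is empty")
        elif f in LEVEL_FIELDS and entry[f] not in LEVELS:
            problems.append(f"{f} must be one of {LEVELS}, got {entry[f]!r}")
    controls = entry.get("Associated Controls")
    if controls is not None and (not isinstance(controls, list) or not controls):
        problems.append("Associated Controls must list at least one control")
    return problems

# The page's example entry, followed by a constructed incomplete entry.
PAGE_EXAMPLE = ("Risk ID: R-01\nAsset: VPS\nScenario: Unauthorized administrative access\n"
                "Likelihood: Medium\nImpact: High\nRisk Level: High\nAssociated Controls:\n"
                "- SSH hardening\n- Key-based authentication\n- Firewall restrictions\n")
INCOMPLETE = ("Risk ID: R-02\nAsset: VPS\nScenario: Constructed sample scenario\n"
              "Likelihood: Maybe\nRisk Level: High\nAssociated Controls:\n")

if __name__ == "__main__":
    for e in map(parse_entry, (PAGE_EXAMPLE, INCOMPLETE)):
        print(e.get("Risk ID"), validate_entry(e) or "OK")
```

An entry with no associated controls is reported as a problem, so a risk cannot be recorded without at least one control mapped to it.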
Maintenance
The risk register is reviewed after:
- Infrastructure changes
- Audit simulation
- Detection gap analysis