Conformio risk register, confused by some of the threat mappings for Human Resources
The Conformio risk register defines the following
Threat is what kind of negative thing can happen to your asset because the vulnerability exists.
The mapping path is Asset to Vulnerabilty to Threat
Asset: Employees with specific expertiese ( system admin, security experts )
Vulnerability: Replacement person does not exist or is inadequate
Threat: Earthquake / Fire / Flood / Storm ?
Of the 12 items listed, only 2 seem reasonable - breach of contracts and information disclosure
Seems like this mapping needs some work, or am I misunderstanding something ?