Graphical presentation of risks
The method I have considered using is to add all the final scores and then divide by the number of assessed risks, i.e. final combined total of all risk values 60; number of threats assessed 8 = average risk value of: 7.5
Other options I have considered would be to simply show the highest and lowest risk (to give a risk range).
I’m not entirely sure the averaging method is viable so your advice would be really appreciated.
Answer: For graphical forms to present risk information to senior management you should consider:
- Number or percentile of risks per risk level (e.g., 7 low, 19 medium, and 3 high, or 22% low, 68% medium, and 10% high).
- Number of risks per department
- Number of risks per process
- Number of risks per asset
To senior management, more important than risk range and average value is how the risks are distributed between risk levels or elements of the ISMS scope (e.g., departments or processes), so this will give them a general view of the risks the organization is exposed to.
In terms of format, the most used are the bar graph or the pizza graph.
Nov 13, 2017