Create a risk matrix in which you:
- Consider the potential vulnerabilities or threats facing the organization.
- Describe the risk each vulnerability or threat would have on the organization in terms of its people, network, data, or reputation.
- Explain the impact of each risk on the organization.
- Provide defined mitigation for each vulnerability, such as an incident response plan, disaster recovery plan, or business continuity plan. Give a defined reason why a vulnerability or threat would not be mitigated, such as the use of a different risk control strategy, if appropriate.
Note* This is not a summary risk matrix, this is the detailed matrix that includes all of the above as columns in a table.
As part of your risk management plan, provide an executive summary of the major issues that are shown in the matrix and the impact they may have on business operations.