What is the Diri Risk Matrix?
The Risk Matrix in Diri is a classic visualization matrix that illustrates risks on two axes, with probability on the Y-axis and consequence on the X-axis. In Diri, a risk is a combination of a cause, an event, and a consequence. The cause has a probability of occurring, and the consequence has a severity estimate. The probability of occurrence for the cause is the answer to how likely it is that a threat will exploit a vulnerability. The consequence is estimated from the harm done to assets. The cause is managed with probability-reducing treatments, and the consequence is managed with consequence-reducing treatments.
The figure shows the risk matrix in Diri, with illustrations of a threat exploiting a vulnerability for the probability estimate on the Y-axis and of the consequence for assets (crown jewels) on the X-axis.
Risk calculations
In the above picture you can see that the matrix has four different views for the risk picture. A risk has four different settings in Diri:
- Before treatments = Displays the risk picture without any treatments, also called inherent risk
- Current = Displays the current risk picture with implemented treatments
- Planned risk = Displays the "accepted" risk picture with implemented, planned, and ongoing treatments
- All treatments = Displays the risk picture with all of the treatments in the database (open, suggested, planned, ongoing, and implemented)
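The four views differ only in which treatment statuses they count. The following is an added example, not Diri's own code, that computes a risk's matrix cell in each view. The sample risk, the 5-level matrix, and the rule that a treatment lowers its axis by a whole number of levels are assumptions made for illustration, not Diri's calculation.

```python
from dataclasses import dataclass

# Treatment statuses named on the page, grouped by the view that counts them.
VIEWS = {
    "before_treatments": set(),
    "current": {"implemented"},
    "planned": {"implemented", "planned", "ongoing"},
    "all_treatments": {"open", "suggested", "planned", "ongoing", "implemented"},
}

@dataclass(frozen=True)
class Treatment:
    name: str
    status: str      # open | suggested | planned | ongoing | implemented
    target: str      # "probability" (acts on the cause) or "consequence"
    reduction: int   # ASSUMPTION: whole levels removed; not Diri's formula

@dataclass(frozen=True)
class Risk:
    name: str
    probability: int   # inherent level, 1..levels (Y-axis)
    consequence: int   # inherent level, 1..levels (X-axis)
    treatments: tuple = ()

def position(risk, view, levels=5):
    """Return the (probability, consequence) cell of a risk in one view."""
    if not 3 <= levels <= 6:
        raise ValueError("the page allows 3 to 6 levels")
    if not (1 <= risk.probability <= levels and 1 <= risk.consequence <= levels):
        raise ValueError("inherent level outside the matrix")
    cell = {"probability": risk.probability, "consequence": risk.consequence}
    for t in risk.treatments:
        if t.status not in VIEWS["all_treatments"] or t.target not in cell:
            raise ValueError(f"bad treatment: {t}")
        if t.status in VIEWS[view]:
            # A level never drops below the lowest row/column of the matrix.
            cell[t.target] = max(1, cell[t.target] - t.reduction)
    return cell["probability"], cell["consequence"]

def risk_picture(risk, levels=5):
    """All four views for one risk, keyed by view name."""
    return {view: position(risk, view, levels) for view in VIEWS}

# Constructed sample risk; names, levels and reductions are illustrative.
PHISHING = Risk("Phished admin account", probability=4, consequence=5, treatments=(
    Treatment("MFA for admins", "implemented", "probability", 2),
    Treatment("Awareness training", "ongoing", "probability", 1),
    Treatment("Offline backups", "planned", "consequence", 2),
    Treatment("Network segmentation", "suggested", "consequence", 2),
))
```

Calling `risk_picture(PHISHING)` shows the same risk moving from the top-right cell toward the bottom-left as each view counts more treatments.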
Using the risk matrix
Picture illustrating the drilldown functionality from clicking on a risk in the matrix. Access the risk assessment by clicking on the risk assessment.
All of the risk matrices available in Diri offer drilldown functionality. It is available in three places:
- The risk matrix in the main dashboard shows the aggregated risk picture from all the assessments visible to you. It allows you to drill down into a specific risk assessment by clicking the risk bubble and selecting the risk you wish to examine.
- The risk matrix in the risk assessment dashboard shows the risk picture for the current object being assessed. It allows you to drill down into a specific risk in the risk analysis.
- The risk matrix in the risk assessment dashboard step 4 - Treatment plan is used for cost-benefit analysis of treatments. It allows for a quick jump back into the risk analysis.
Configuring the risk matrix
Access "Settings" to tailor your risk matrix the way you want. You can use between 3 and 6 levels, and each level can be named according to your risk management policy.
Read more about configuration. You have the option to set the levels as you wish. The example below uses numerical and logarithmic scales instead of subjective risk levels.
Example of a risk matrix with five descriptions and numerical logarithmic scales in Diri