In my many years of working in the field of risk management, I've come across a wide variety of ways that different organizations and people use to prioritize risks.  These are commonly referred to as "Risk Scoring Methodologies".  In SimpleRisk, we currently support six different risk scoring methodologies:

Anyone who has studied for the CISSP exam knows that the "textbook" definition of risk scoring is Risk = Likelihood x Impact.  Typically, the Likelihood and Impact values are represented by ordinal numbers, which are mapped to some qualified value.  We then use a matrix to represent the intersection of these values in order to obtain a final risk score.  Some organizations will use a 3x3 matrix.  Some may use a 10x10.  Here at SimpleRisk, we've seen just about every combination you could imagine in-between, but the most common scenario is a matrix with five Likelihood values and five Impact

Back in 2013, when I first started working on SimpleRisk in my spare time on nights and weekends, I started using a massive Trello board to track all of the features I would need to do my job as a risk manager.  I used a relatively simple scheme of labeling each card as yellow, orange, or red to indicate the priority.  With each new feature I added, more organizations would adopt the platform; and with each new organization came fresh ideas on how to continually drive the product forward.  We still routinely get feature requests from customers and, today, that Trello board has grown t

Subscribe to prioritization