Cybersecurity Risk Management - Unicis.Tech OÜ Docs
Structured risk register for identifying, assessing, and mitigating information security risks, aligned with ISO/IEC 27001 and ISO/IEC 27005.
The Cybersecurity Risk Management module provides organizations with a structured and effective way to identify, assess, and mitigate information security risks. It is built on ISO/IEC 27001 and aligned with ISO/IEC 27005, and serves as a risk register that helps businesses evaluate and manage risks in a systematic manner.

The module also incorporates ISO/IEC 27554, which applies ISO 31000 risk management principles to identity-related risks, helping organizations assess threats related to identity management and access control.

This module can be used standalone or as an integrated part of a broader security management program.
Dashboard
The dashboard consists of two sections.
Risk Rating Charts
- Current Risk Rating Chart — displays the current level of risk based on implemented risk treatments
- Target Risk Rating Matrix — represents the expected risk levels after full implementation of controls
Risk Register Table
| Column | Description |
|---|---|
| ID | Unique identifier for each risk, corresponding to a Task ID |
| Risk Description | Brief summary of the identified risk |
| Asset Owner | Person responsible for managing the risk |
| Impact | Potential business impact if the risk occurs |
| Raw Probability | Likelihood of the risk occurring without treatment (%) |
| Raw Impact | Estimated business impact without treatment (%) |
| Raw Risk Rating | Raw Probability × Raw Impact |
| Risk Treatment | Mitigation strategy (Avoid / Transfer / Accept / Control) |
| Treatment Cost | Estimated cost for mitigating the risk |
| Treatment Status | Implementation progress of the planned treatment (0–100%) |
| Treated Probability | Expected likelihood after treatment (shown in bold if different from raw) |
| Treated Impact | Expected impact after treatment (shown in bold if different from raw) |
| Target Risk Rating | Expected risk level after full control implementation |
| Current Risk Rating | Present risk rating based on treatment progress |
| Notes | Additional context; can be added to task description or comments |
Risk Assessment Methodology
The risk register provides a systematic approach to identifying, assessing, and managing information security risks. This methodology is aligned with ISO/IEC 27001 and ISO/IEC 27005, ensuring a consistent and transparent risk management process.
Risk Calculation
The risk rating is calculated as Probability × Impact, with both values expressed as percentages. While not mathematically rigorous, this approach is effective in ranking and prioritizing risks for management decision-making.
An alternative formula can be used when historical data is available:
This approach is particularly useful for frequently occurring incidents such as data entry errors, malware, or spam, where quantitative values can be reliably assigned.
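The register columns above define three ratings: raw (Raw Probability × Raw Impact), target (Treated Probability × Treated Impact) and current (raw adjusted for Treatment Status). The following is an added example, not code from the Unicis.Tech module, showing how those columns can be computed and used to prioritise a register; it assumes the product is scaled to 0..100 and that the current rating moves linearly from raw to target as treatment progresses, neither of which the page states explicitly.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Risk:
    risk_id: str                 # register ID (matches the task ID)
    raw_probability: int         # % likelihood with no treatment
    raw_impact: int              # % business impact with no treatment
    treatment_status: int = 0    # % of the planned treatment implemented
    treated_probability: Optional[int] = None  # defaults to the raw value
    treated_impact: Optional[int] = None       # defaults to the raw value

    def __post_init__(self) -> None:
        if self.treated_probability is None:
            self.treated_probability = self.raw_probability
        if self.treated_impact is None:
            self.treated_impact = self.raw_impact
        # Every register input is a percentage; reject anything outside 0..100.
        for name, value in vars(self).items():
            if name != "risk_id" and not 0 <= value <= 100:
                raise ValueError(f"{name} must be 0..100, got {value}")

def rating(probability: int, impact: int) -> float:
    # Risk Rating = Probability x Impact. Both are percentages, so the product
    # is divided by 100 to keep the rating on a 0..100 scale (assumption).
    return probability * impact / 100

def raw_rating(r: Risk) -> float:
    return rating(r.raw_probability, r.raw_impact)

def target_rating(r: Risk) -> float:
    # Expected rating once the treatment is fully implemented.
    return rating(r.treated_probability, r.treated_impact)

def current_rating(r: Risk) -> float:
    # Assumption: the current rating moves linearly from raw towards target
    # as Treatment Status goes from 0% to 100%.
    progress = r.treatment_status / 100
    return raw_rating(r) - (raw_rating(r) - target_rating(r)) * progress

def prioritised(risks: List[Risk]) -> List[str]:
    # IDs ordered by current rating, highest first, for management review.
    return [r.risk_id for r in sorted(risks, key=current_rating, reverse=True)]

# Constructed sample entries, not real register data.
REGISTER = [
    Risk("R-1", 80, 60, treatment_status=50, treated_probability=40, treated_impact=30),
    Risk("R-2", 50, 50),               # accepted: no treatment, so target == raw
    Risk("R-3", 90, 90, 100, 10, 10),  # control fully implemented
]
```

A half-implemented control on R-1 leaves it above the accepted R-2, while the fully treated R-3 drops to the bottom despite the highest raw rating.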
Risk Treatment Options
| Option | Description |
|---|---|
| Avoid | Eliminate the risk by discontinuing the activity that gives rise to it |
| Transfer | Share the risk with another party (e.g., via insurance or outsourcing) |
| Accept | Acknowledge and monitor the risk without active mitigation |
| Control Implementation | Apply security measures to reduce probability and/or impact |
Activity Logs
Access audit logs by opening the associated task and navigating to Audit Logs → Risk Audit Logs.
Logged events:
- Created
- Updated
- Deleted