Risk Management & Threat Assessment

Identify, assess, treat, and monitor cybersecurity risks with a structured, quantitative methodology. ISO 27001 and ISO 27005 aligned — with visual dashboards, a comprehensive risk register, and full audit trails.


What is Cybersecurity Risk Management?

The Unicis Cybersecurity Risk Management module provides a structured risk register for identifying, assessing, and treating information security risks. It is aligned with ISO/IEC 27001, ISO/IEC 27005:2022, and incorporates ISO/IEC 27554:2024 for identity-related risks — giving your security team a methodology that satisfies even the most demanding auditors.

Primary Risk Formula

Risk = Probability × Impact

Both values are expressed as percentages. Best suited to ranking and prioritizing risks for management decisions.

Alternative Formula

Risk = Threat × Vulnerability × Impact

Suited to recurring incidents with historical data, such as malware, data-entry errors, and spam.

5 Risk Treatment Options

Every risk needs a treatment decision. Choose from five industry-standard options with full cost and progress tracking.

  • Accept: acknowledge and monitor
  • Mitigate: apply security controls
  • Transfer: insurance or outsourcing
  • Avoid: stop the activity
  • Monitor: watch and review

A Risk Program That Satisfies Auditors

From quantitative assessment to treatment tracking to visual dashboards — everything your ISO 27001 audit needs.

Quantitative Risk Assessment Methodology

Move beyond qualitative red/amber/green heat maps. Unicis Risk Management uses a quantitative formula based on ISO/IEC 27001 and ISO/IEC 27005:2022 — expressing both probability and impact as percentages for precise, defensible risk ratings that support management decisions.

  • Primary formula: Risk = Probability (%) × Impact (%)
  • Alternative formula: Risk = Threat × Vulnerability × Impact (for recurring incidents)
  • Both Raw Risk Rating (pre-treatment) and Current Risk Rating (post-treatment)
  • Target Risk Rating shows expected position after full control implementation
  • Aligned with ISO/IEC 27001, ISO/IEC 27005:2022, and ISO/IEC 27554:2024

5 Risk Treatment Options

Every identified risk needs a treatment decision. Unicis Risk Management provides five treatment pathways aligned with industry best practices — from eliminating the risk entirely to accepting it with full documentation. Each treatment tracks cost, status, and residual risk.

  • Accept — acknowledge and monitor without active mitigation
  • Mitigate (Control Implementation) — apply security measures to reduce probability/impact
  • Transfer — share the risk through insurance or outsourcing
  • Avoid — eliminate the risk by discontinuing the activity
  • Monitor — track emerging risks with defined review cycles

Comprehensive Risk Register (15+ Fields)

The Unicis Risk Register captures everything you need for a defensible, audit-ready risk management program. From initial risk description to treatment cost and implementation progress — all in a structured table that your auditors and management team will trust.

  • Risk ID, Description, and Asset Owner assignment
  • Raw Probability, Raw Impact, and Raw Risk Rating
  • Risk Treatment selection with cost estimation
  • Treatment Status (0–100% implementation progress)
  • Treated Probability, Treated Impact, and Target Risk Rating
  • Current Risk Rating (live, based on treatment progress)
  • Notes field linked to task description and comments
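To make the methodology above concrete, here is a small risk register in Python that applies the primary formula (Risk = Probability (%) × Impact (%)), the alternative Threat × Vulnerability × Impact formula, and the Raw / Current / Target ratings and treatment-status field listed for the register. This is an added illustration written for this page, not Unicis code or its data model. Two things are assumptions made here, because the page does not specify them: the Current Risk Rating is interpolated linearly between the raw and target ratings according to implementation progress, and the green/amber/red bands use 25% and 50% as thresholds. The sample register entries are constructed.

```python
"""Minimal quantitative risk register in the ISO/IEC 27005 style described
on the page. Added example, not Unicis code. The linear interpolation used
for the Current Risk Rating and the color thresholds are assumptions; the
page only states that the current rating depends on treatment progress and
that ratings are color-coded from 0% to 100%.
"""
from collections import Counter
from dataclasses import dataclass

# The five treatment options named on the page.
TREATMENT_OPTIONS = {"Accept", "Mitigate", "Transfer", "Avoid", "Monitor"}


def _check_percent(*values: float) -> None:
    for v in values:
        if not 0 <= v <= 100:
            raise ValueError(f"percentage out of range: {v}")


def risk_rating(probability: float, impact: float) -> float:
    """Primary formula. Both inputs are percentages (0-100) and the result
    is also a percentage, so 60% x 80% -> 48%."""
    _check_percent(probability, impact)
    return probability * impact / 100


def threat_based_rating(threat: float, vulnerability: float, impact: float) -> float:
    """Alternative formula for recurring incidents with historical data.
    Assumption: all three factors are percentages, like the primary formula."""
    _check_percent(threat, vulnerability, impact)
    return threat * vulnerability * impact / 10_000


def color_band(rating: float) -> str:
    """Traffic-light band for the dashboard. Thresholds are an assumption."""
    if rating < 25:
        return "green"
    if rating < 50:
        return "amber"
    return "red"


@dataclass
class Risk:
    """One row of the register, using the field names from the page."""
    risk_id: str
    description: str
    asset_owner: str
    raw_probability: float
    raw_impact: float
    treatment: str
    treatment_cost: float
    treatment_status: float  # 0-100 % implementation progress
    treated_probability: float
    treated_impact: float
    notes: str = ""

    def __post_init__(self) -> None:
        if self.treatment not in TREATMENT_OPTIONS:
            raise ValueError(f"unknown treatment option: {self.treatment}")
        _check_percent(self.treatment_status)

    @property
    def raw_rating(self) -> float:
        return risk_rating(self.raw_probability, self.raw_impact)

    @property
    def target_rating(self) -> float:
        return risk_rating(self.treated_probability, self.treated_impact)

    @property
    def current_rating(self) -> float:
        # Assumption: the live rating moves linearly from raw to target as
        # implementation progress goes from 0% to 100%.
        progress = self.treatment_status / 100
        return self.raw_rating - (self.raw_rating - self.target_rating) * progress


def treatment_distribution(register: list) -> dict:
    """Counts per treatment option: the data behind the pie chart."""
    return dict(Counter(r.treatment for r in register))


# Constructed sample register (not real data).
REGISTER = [
    Risk("R-001", "Phishing leading to credential compromise", "IT Security",
         60, 80, "Mitigate", 12_000, 50, 20, 80, "MFA rollout in progress"),
    Risk("R-002", "Laptop theft from office", "Facilities",
         30, 40, "Accept", 0, 100, 30, 40),
    Risk("R-003", "Ransomware on file server", "IT Operations",
         50, 90, "Transfer", 8_000, 0, 50, 30, "Cyber insurance quote pending"),
]

if __name__ == "__main__":
    for r in REGISTER:
        print(f"{r.risk_id} raw={r.raw_rating:.0f}% current={r.current_rating:.0f}% "
              f"({color_band(r.current_rating)}) target={r.target_rating:.0f}%")
    print(treatment_distribution(REGISTER))
```

Running the script prints each row's raw, current, and target rating with its color band; R-001 sits at 48% raw and 32% current with half of its controls implemented, which is the kind of gap an auditor would expect the register to make visible.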

Visual Risk Rating Dashboard

Your risk landscape visualized. The dashboard presents two complementary views: a Current Risk Rating chart showing where you stand today, and a Target Risk Rating matrix showing where you'll be once all controls are implemented. Color-coded for instant executive comprehension.

  • Current Risk Rating chart — present risk levels based on implemented treatments
  • Target Risk Rating matrix — expected risk after full control implementation
  • Color formatting: green (low), amber (medium), red (high) — 0% to 100%
  • Pie chart for risk distribution by treatment option
  • Full audit trail for risk register changes

Available on Premium & Ultimate

Cybersecurity Risk Management is a premium feature for organizations running structured information security programs.

Premium

Full risk management for growing security teams.

  • Full risk register (15+ fields)
  • Quantitative risk formula
  • 5 treatment options with cost tracking
  • Current & Target Risk Rating dashboards
  • Full audit trail
  • ISO/IEC 27001 & 27005 aligned

Ultimate

Enterprise-grade with all frameworks and dedicated support.

  • Everything in Premium
  • NIST CSF 2.0 & SOC 2 controls
  • All 8 cybersecurity frameworks
  • Cross-framework mapping
  • Advanced compliance reporting
  • Dedicated support & SLA

Build a risk program your auditors will trust

Structured, quantitative, ISO 27001-aligned risk management — without the spreadsheet chaos.