OneTrust - Common Risk Terms and Definitions

| Term | Definition |
|---|---|
| Inherent Risk Impact Level | The impact a risk would have on the organization if it occurred with no controls in place to mitigate it. |
| Inherent Risk Probability Level | The probability of the risk occurring with no controls in place. |
| Inherent Risk Score | The overall risk score derived from the Inherent Risk Impact Level and Inherent Risk Probability Level, i.e. without taking existing controls into account. |
| Residual Risk Impact Level | The impact a risk would have on the organization if it occurred with the controls that are currently implemented. |
| Residual Risk Probability Level | The probability of the risk occurring with the controls that are currently implemented. |
| Residual Risk Score | The overall risk score derived from the Residual Risk Impact Level and Residual Risk Probability Level, i.e. after taking existing controls into account. |
| Target Risk Impact Level | The impact level the organization aims to reach for the risk once it has been treated. |
| Target Risk Probability Level | The probability level the organization aims to reach for the risk once it has been treated. |
| Target Risk Score | The overall risk score the organization aims to reach for the risk; the Residual Risk Score is compared against it to judge whether treatment is sufficient. |
| Category | The category the risk is assigned to. Example categories include: |
| Date Created | The date on which the risk record was created. |
| Deadline | The date by which the risk must be resolved. |
| Result | The action taken on the risk. Actions include: |
| Treatment | The process by which the risk owner actively mitigates the risk. |
| Treatment Plan | A plan that includes completing specific tasks, assigning a risk owner, and adding controls to mitigate the risk. |
| Date Closed | The date on which the risk treatment status was approved and the risk record closed. |
| Threat | A potential cause of an unwanted incident that could harm the organization, typically by exploiting a vulnerability. |
| Vulnerability | A known weakness in an asset or control that a threat could exploit if it is not addressed. |