Topics Map > Office of Cybersecurity > Tools and Software
Topics Map > Office of Cybersecurity > Cyber Risk Management & Compliance

OneTrust - Common Risk Terms and Definitions

This article includes common terms associated with the OneTrust platform.

Term

Definition

Inherent Risk Impact Level

The impact that a risk would have on an organization if it occurred without controls to mitigate.

Inherent Risk Probability Level

The probability of the risk occurring if there were no controls in place.

Inherent Risk Score

The overall risk score without considering existing controls.

Residual Risk Impact Level

The impact a risk would have on an organization if it occurred with the current controls that are implemented.

Residual Risk Probability Level

The probability of the risk occurring with the current controls that are implemented.

Residual Risk Score

The overall risk score after considering existing controls.

Target Risk Impact Level

The desired impact that a risk would have on an organization if it occurred.

Target Risk Probability Level

The desired probability of the risk occurring.

Target Risk Score

The desired risk score.

Category

The associated category that the risk is assigned to. Example categories include:

  • Financial

  • Geographic

  • Operational

  • Regulatory/Compliance

  • Security

Date Created

The date in which the risk record was created.

Deadline

The deadline in which the risk must be resolved.

Result

The action taken on the risk. Actions include:

  • Accepted

  • Avoided

  • Ignored

  • Reduced

  • Rejected

  • Transferred

Treatment

The process by which the risk owner actively mitigates the risk.

Treatment Plan

A plan that includes completing specific tasks, assigning a risk owner, and adding controls to mitigate the risk.

Date Closed

The date in which the risk treatment status was approved, and the risk record closed.

Threat

An incident that has the potential to cause harm or expose vulnerabilities.

Vulnerability

A known weakness that would allow attacks if not contained.





Keywords:Common Risk Terms and Definitions, OneTrust, Risk Management & Compliance   Doc ID:109480
Owner:Peter V.Group:Office of Cybersecurity
Created:2021-03-02 13:38 CDTUpdated:2021-03-02 13:40 CDT
Sites:Office of Cybersecurity
Feedback:  0   0