View on GitHub


Repository for the Open Information Security Risk Universe


Consequences are the possible harm resulting from a risk event occurring including loss, injury, or other adverse or unwelcome circumstance.

The use of Level 1 consequences is just a convenient grouping.

Level 1 Consequences Level 2 Consequences
Operations Reduced growth
  Business Disruption
  Ineffective Change
  Slow recovery
  Reduced access to staff / skills
  Loss of suppliers
  Environmental harm
  Safety failure
  Social harm
  Medical harm
Compliance Non-compliance
  Poor conduct / integrity
  Damaged regulator relations
  Regulatory fines
  Legal challenge
Financial Theft of money
  Unplanned costs
  increased costs / inefficiency
Strategic Damaged reputation
  Embarrassing reporting
  Damaged investor relations