Risk Mapping and Risk Mapping in Risk Management (Risk, Risk Heat Map, and Risk Management)

Edit subtitles

0:00 - 0:03

Risk Mapping in Risk Management. Welcome
0:03 - 0:05

to the Risk Management of Everything
0:05 - 0:08

channel. On this channel, you will find
0:08 - 0:10

videos on risk management and the
0:10 - 0:11

application of risk management to
0:11 - 0:14

diverse areas and sectors.
0:14 - 0:16

If you are new here, please consider
0:16 - 0:18

subscribing to our channel and press the
0:18 - 0:20

notification button so you can be
0:20 - 0:23

notified when we upload new videos.
0:23 - 0:25

Thank you. Risk mapping in risk
0:25 - 0:28

management is discussed in this video.
0:28 - 0:30

In this video, we'll discuss how a risk
0:30 - 0:33

map can be used by an organization to
0:33 - 0:34

manage its risks in an
0:34 - 0:35

easy-to-understand
0:35 - 0:39

way. Now, let us start.
0:39 - 0:41

Meaning of a Risk. Risk is the
0:41 - 0:44

uncertainty of a financial loss.
0:44 - 0:46

A risk exists where there is an
0:46 - 0:48

opportunity for a profit or a loss.
0:48 - 0:50

In terms of losses, we commonly refer to
0:50 - 0:53

the risks as exposures to loss,
0:53 - 0:56

or simply exposures. Fire is an exposure.
0:56 - 0:59

Defective products or defamation are
0:59 - 1:01

liability exposures.
1:01 - 1:03

The loss of business that results from a
1:03 - 1:05

damaged building or tarnished reputation
1:05 - 1:08

is also an exposure. Risks can come from
1:08 - 1:11

various sources including uncertainty in
1:11 - 1:12

international markets,
1:12 - 1:15

threats from project failures (at any
1:15 - 1:16

phase in design
1:16 - 1:19

development, production, or sustaining of
1:19 - 1:20

life-cycles),
1:20 - 1:24

legal liabilities, credit risk, accidents,
1:24 - 1:26

natural causes and disasters, deliberate
1:26 - 1:27

attack from an
1:27 - 1:29

adversary, or events of uncertain or
1:29 - 1:32

unpredictable root-cause.
1:32 - 1:34

There are two types of events which are:
1:34 - 1:35

(1)
1:35 - 1:37

negative events which can be classified
1:37 - 1:38

as risks or threats;
1:38 - 1:41

and (2) positive events that may be
1:41 - 1:43

classified as opportunities.
1:43 - 1:47

What is Risk Management? Risk management
1:47 - 1:49

is the process of identification,
1:49 - 1:52

analysis, and acceptance or mitigation of
1:52 - 1:54

uncertainty in investment decisions.
1:54 - 1:57

Organizations face many risks and they
1:57 - 1:59

must decide where to focus their
1:59 - 2:00

mitigation resources.
2:00 - 2:03

To handle or manage risks, organizations
2:03 - 2:06

usually have the options to avoid,
2:06 - 2:09

control, accept, or transfer risk. The
2:09 - 2:11

adverse effects of risk can be objective
2:11 - 2:14

or quantifiable like insurance premiums
2:14 - 2:15

and claims costs,
2:15 - 2:18

or subjective and difficult to quantify
2:18 - 2:20

such as damage to reputation or
2:20 - 2:21

decreased productivity.
2:21 - 2:23

By focusing attention on risk and
2:23 - 2:25

committing the necessary resources to
2:25 - 2:27

control and mitigate risk,
2:27 - 2:29

a business will protect itself from
2:29 - 2:31

uncertainty,
2:31 - 2:33

reduce costs, and increase the likelihood
2:33 - 2:36

of business continuity and success.
2:36 - 2:39

Meanwhile, a risk map can be used as a
2:39 - 2:41

tool to improve the risk management
2:41 - 2:43

system of an organization.
2:43 - 2:46

What is a Risk Map? A risk map, also known
2:46 - 2:48

as a risk heat map,
2:48 - 2:50

is a data visualization tool for
2:50 - 2:52

communicating specific risks an
2:52 - 2:54

organization faces.
2:54 - 2:56

A risk map is a graphical depiction of a
2:56 - 2:58

select number of a company's risks
2:58 - 3:00

designed to illustrate the impact or
3:00 - 3:02

significance of risks on one axis and
3:02 - 3:05

the likelihood or frequency on the other.
3:05 - 3:07

Risk mapping is used to assist in
3:07 - 3:08

identifying,
3:08 - 3:11

prioritizing, and quantifying (at a macro
3:11 - 3:12

level)
3:12 - 3:14

risks to an organization. This
3:14 - 3:17

representation often takes the form of a
3:17 - 3:19

two-dimensional grid with frequency
3:19 - 3:22

(or likelihood of occurrence) on one axis
3:22 - 3:23

and severity
3:23 - 3:25

(or degree of financial impact) on the
3:25 - 3:26

other axis;
3:26 - 3:27

the risks that fall in the
3:27 - 3:30

high-frequency/high-severity quadrant are
3:30 - 3:32

given priority risk management
3:32 - 3:35

attention. A risk map helps companies
3:35 - 3:37

identify and prioritize the risks
3:37 - 3:39

associated with their business.
3:39 - 3:42

The goal of a risk map is to improve an
3:42 - 3:44

organization's understanding of its risk
3:44 - 3:45

profile and appetite,
3:45 - 3:47

clarify thinking on the nature and
3:47 - 3:49

impact of risks,
3:49 - 3:51

and improve the organization's risk
3:51 - 3:52

assessment model.
3:52 - 3:54

In the enterprise, a risk map is often
3:54 - 3:57

presented as a two-dimensional matrix.
3:57 - 4:00

For example, the likelihood a risk will
4:00 - 4:02

occur may be plotted on the x-axis,
4:02 - 4:04

while the impact of the same risk is
4:04 - 4:06

plotted on the y-axis.
4:06 - 4:07

A risk map is considered a critical
4:07 - 4:10

component of enterprise risk management
4:10 - 4:12

because it helps identify risks that
4:12 - 4:14

need more attention.
4:14 - 4:16

Identified risks that fall in the high-frequency
4:16 - 4:18

and high-severity section can
4:18 - 4:21

then be made a priority by organizations.
4:21 - 4:23

If the organization is disbursed
4:23 - 4:26

geographically and certain risks are
4:26 - 4:28

associated with certain geographical
4:28 - 4:29

areas,
4:29 - 4:31

risks might be illustrated with a heat
4:31 - 4:33

map, using color to illustrate the levels
4:33 - 4:35

of risk to which individual branch
4:35 - 4:37

offices are exposed.
4:37 - 4:40

Why it's Important to Create a Risk Map?
4:40 - 4:42

A risk map offers a visualized,
4:42 - 4:44

comprehensive view of the likelihood and
4:44 - 4:47

impact of an organization's risks.
4:47 - 4:50

This helps the organization improve risk
4:50 - 4:51

management and risk governance by
4:51 - 4:54

prioritizing risk management efforts.
4:54 - 4:57

This risk prioritization enables them to
4:57 - 4:59

focus time and money on the most
4:59 - 5:02

potentially damaging risks identified in
5:02 - 5:02

a heat map
5:02 - 5:05

chart. A risk map also facilitates
5:05 - 5:07

interdepartmental dialogues about an
5:07 - 5:09

organization's inherent risks and
5:09 - 5:11

promotes communication about
5:11 - 5:14

risks throughout the organization. It
5:14 - 5:16

helps organizations visualize risks in
5:16 - 5:18

relation to each other,
5:18 - 5:19

and it guides the development of a
5:19 - 5:21

control assessment of how to deal with
5:21 - 5:23

the risks and the consequence of those
5:23 - 5:25

risks.
5:25 - 5:28

Benefits of Using Risk Heat Maps.
5:28 - 5:30

Risk heat maps can offer significant
5:30 - 5:32

benefits to organizations.
5:32 - 5:34

Here are some of the benefits of using
5:34 - 5:38

risk heat maps by an organization:
5:38 - 5:41

A visual, big picture, holistic view that
5:41 - 5:42

can be shared to make strategic
5:42 - 5:44

decisions;
5:44 - 5:46

Improved management of risks and
5:46 - 5:48

governance of the risk management
5:48 - 5:50

process;
5:50 - 5:52

Increased focus on risk appetite and the
5:52 - 5:55

risk tolerance of the company;
5:55 - 5:57

More precision in the risk assessment
5:57 - 5:59

and mitigation process;
5:59 - 6:03

and Greater integration of risk
6:03 - 6:06

management actions across the enterprise.
6:06 - 6:08

The Importance of Risk Mapping Business
6:08 - 6:10

Organizations.
6:10 - 6:12

Why should your organization be using
6:12 - 6:13

risk maps?
6:13 - 6:16

Building a risk map brings valuable
6:16 - 6:17

benefits.
6:17 - 6:19

You will have a thorough understanding
6:19 - 6:20

of your risk environment
6:20 - 6:22

and how individual risks compare to one
6:22 - 6:23

another.
6:23 - 6:25

You can use this to strategically
6:25 - 6:27

prioritize your risks and determine
6:27 - 6:30

where to use your limited resources.
6:30 - 6:32

The map can help the company visualize
6:32 - 6:34

how risks in one part of the
6:34 - 6:36

organization can affect operations of
6:36 - 6:38

another business unit within the
6:38 - 6:39

organization.
6:39 - 6:41

A risk map also adds precision to an
6:41 - 6:44

organization's risk assessment strategy
6:44 - 6:44

and
6:44 - 6:47

identifies gaps in an organization's
6:47 - 6:49

risk management processes.
6:49 - 6:51

A risk map is built by plotting the
6:51 - 6:53

frequency of a risk on the y-axis of the
6:53 - 6:56

chart and the severity on the x-axis.
6:56 - 6:58

Frequency is how likely the risk is or
6:58 - 7:00

how often you think it will occur;
7:00 - 7:02

severity is how much of an impact it
7:02 - 7:04

would have if it did occur.
7:04 - 7:06

The higher risk ranks for these
7:06 - 7:08

qualities, the more threatening it is to
7:08 - 7:10

your organization.
7:10 - 7:13

The most severe and frequent risks, your
7:13 - 7:14

primary risks,
7:14 - 7:15

are critical and would hinder your
7:15 - 7:17

ability to conduct business.
7:17 - 7:20

Risks that are severe but unlikely, that
7:20 - 7:22

is your "detect and monitor" risks,
7:22 - 7:24

are those risks that should be watched
7:24 - 7:26

but don't require heavy mitigation
7:26 - 7:28

strategies.
7:28 - 7:29

Risks that are highly likely but
7:29 - 7:32

insignificant, your monitor risks,
7:32 - 7:34

will not impact your ability to continue
7:34 - 7:36

operations.
7:36 - 7:38

Finally, the risks that are low in both
7:38 - 7:40

frequency and severity,
7:40 - 7:42

your low control risks, can be revisited
7:42 - 7:44

on a yearly basis to ensure
7:44 - 7:47

the risk remains low. Risk maps are a
7:47 - 7:49

valuable tool as they assist
7:49 - 7:51

organizations to:
7:51 - 7:54

1. Understand the risk environment.
7:54 - 7:56

Risk management begins with building a
7:56 - 7:58

list of all risks your organization
7:58 - 8:02

faces. Depending on your industry, this
8:02 - 8:03

number could range from a handful to
8:03 - 8:04

hundreds.
8:04 - 8:06

Risk mapping is beneficial because it
8:06 - 8:08

requires you to assess
8:08 - 8:09

each risk and its causes and
8:09 - 8:12

consequences individually.
8:12 - 8:14

It also allows you to look at your risk
8:14 - 8:16

environment as a whole and understand
8:16 - 8:19

how frequencies and severities compare.
8:19 - 8:21

Finally, a risk map is a visual that
8:21 - 8:23

anyone in your organization can use to
8:23 - 8:25

see the big picture of risks most
8:25 - 8:26

prominent
8:26 - 8:29

in your industry or workplace. 2.
8:29 - 8:32

Prioritize mitigation strategies.
8:32 - 8:35

With limited resources, it's important to
8:35 - 8:38

be strategic about mitigation techniques.
8:38 - 8:40

Risk mapping allows you to determine
8:40 - 8:42

what steps to take first:
8:42 - 8:44

implement prevention tactics for the
8:44 - 8:46

most frequent and severe risks before
8:46 - 8:48

moving onto others.
8:48 - 8:50

This prioritization method ensures that
8:50 - 8:52

you address the risk that have the most
8:52 - 8:54

potential to cause harm to your
8:54 - 8:55

organization.
8:55 - 8:59

3. Allocate limited resources.
8:59 - 9:01

Whether your organization consists of
9:01 - 9:03

2 employees or 2,000,
9:03 - 9:06

risk managers have limited resources.
9:06 - 9:08

Risk mapping allows you to use them to
9:08 - 9:10

prevent primary risks.
9:10 - 9:13

D&M risks should be revisited several
9:13 - 9:15

times a year to ensure appropriate
9:15 - 9:16

management.
9:16 - 9:19

Similarly, monitor risks typically only
9:19 - 9:21

need to be checked yearly to ensure
9:21 - 9:23

their potential impact hasn't grown.
9:23 - 9:26

Finally, by figuring out which risks are
9:26 - 9:27

low control,
9:27 - 9:29

you will know where not to spend time
9:29 - 9:30

and money.
9:30 - 9:32

However, keep in mind that no risk can be
9:32 - 9:34

completely ignored:
9:34 - 9:36

make sure you still consider these in
9:36 - 9:38

future assessments and ensure that the
9:38 - 9:41

low-risk status has not changed.
9:41 - 9:45

4. Receive better insurance premiums.
9:45 - 9:47

Risk maps can also help your
9:47 - 9:48

organization in becoming an
9:48 - 9:50

international standard
9:50 - 9:53

organization (ISO) certified,
9:53 - 9:54

as it shows that you have an
9:54 - 9:56

understanding of your risk environment
9:56 - 9:59

and a strategic plan for moving forward.
9:59 - 10:01

This can also help you receive
10:01 - 10:03

competitive insurance premiums.
10:03 - 10:06

Insurers are looking for good risk, or
10:06 - 10:07

companies they believe will have minimal
10:07 - 10:09

losses.
10:09 - 10:12

Key Considerations for Risk Heat Maps.
10:12 - 10:14

To develop an effective cybersecurity
10:14 - 10:15

risk heat map,
10:15 - 10:19

consider these critical elements:
10:19 - 10:21

What are your most critical systems and
10:21 - 10:22

information assets
10:22 - 10:26

(those you want to map)? How accurate is
10:26 - 10:29

the data and where is it coming from?
10:29 - 10:32

What is your organization's appetite for
10:32 - 10:33

risk?
10:33 - 10:35

What categories and levels of impact
10:35 - 10:37

would be considered material,
10:37 - 10:40

for example, monetary, brand reputation,
10:40 - 10:43

and other related impacts?
10:43 - 10:45

What is the range of acceptable variance
10:45 - 10:47

from your key performance and operating
10:47 - 10:48

metrics?
10:48 - 10:52

And how will you define terms to
10:52 - 10:54

integrate potential risk events with
10:54 - 10:55

your heat map?
10:55 - 10:58

How to Build a Risk Map. A risk map is
10:58 - 11:00

built by plotting the frequency of a
11:00 - 11:02

risk on the y-axis of the chart and the
11:02 - 11:04

severity on the x-axis.
11:04 - 11:07

Frequency is how likely the risk is or
11:07 - 11:09

how often you think it will occur.
11:09 - 11:11

Severity is how much of an impact it
11:11 - 11:12

would have if it did happen.
11:12 - 11:14

The higher risk ranks for these
11:14 - 11:16

qualities, the more threatening it is to
11:16 - 11:18

your organization.
11:18 - 11:20

Let us discuss tips on how to build a
11:20 - 11:22

risk map.
11:22 - 11:24

Here are four tips on how to build a
11:24 - 11:25

risk map:
11:25 - 11:28

1. Involve people from all parts of
11:28 - 11:30

your organization.
11:30 - 11:32

Risk mapping is not a process that
11:32 - 11:34

should be conducted by one person.
11:34 - 11:36

Every person in your business, from the
11:36 - 11:38

CEO to the intern,
11:38 - 11:40

will have different ideas about what
11:40 - 11:42

risks are most prevalent to your
11:42 - 11:45

industry. You cannot involve everyone, but
11:45 - 11:47

ask multiple people from various
11:47 - 11:49

departments and levels of authority to
11:49 - 11:51

ensure you are getting unique viewpoints.
11:51 - 11:53

This will also allow you to discover
11:53 - 11:55

risks that you may not have previously
11:55 - 11:58

considered and gain new perspectives on
11:58 - 12:01

how frequent or severe a risk really is.
12:01 - 12:04

2. Understand each risk.
12:04 - 12:06

Simply naming your risks does not allow
12:06 - 12:09

you to build an effective risk map.
12:09 - 12:11

You must assess each scenario with a
12:11 - 12:13

strong understanding of the business and
12:13 - 12:15

how the risks can impact your ability to
12:15 - 12:17

continue operations.
12:17 - 12:19

Think about what is likely to cause the
12:19 - 12:20

risk and the consequences it will have
12:20 - 12:22

if it occurs.
12:22 - 12:24

It is also important to be consistent in
12:24 - 12:26

how you rank each risk in terms of
12:26 - 12:29

frequency and severity so that the final
12:29 - 12:31

product is a clear depiction of how the
12:31 - 12:33

risks compare to each other.
12:33 - 12:37

3. Seek guidance. If consulting those
12:37 - 12:39

within your organization isn't providing
12:39 - 12:41

a sufficient understanding,
12:41 - 12:44

look elsewhere. You can try to determine
12:44 - 12:46

how likely and impactful a risk will be
12:46 - 12:49

based on your experience and past losses,
12:49 - 12:51

but what if you're a start-up company? You
12:51 - 12:52

can ask an expert:
12:52 - 12:54

many insurance providers are able to
12:54 - 12:57

assist with risk management tools,
12:57 - 12:59

and if not, they can likely suggest
12:59 - 13:01

someone who can.
13:01 - 13:02

You can also look at similar
13:02 - 13:05

organizations and industry statistics to
13:05 - 13:07

help guide your risk ranking.
13:07 - 13:10

4. Revisit and modify.
13:10 - 13:12

You've built your risk map and are now
13:12 - 13:15

using it to help manage and mitigate-
13:15 - 13:17

great! But it's important to remember
13:17 - 13:19

that your risk landscape is constantly
13:19 - 13:20

changing.
13:20 - 13:22

Revisit your rankings with the risk
13:22 - 13:24

management team at least
13:24 - 13:26

quarterly, to discuss if the status of
13:26 - 13:29

any existing risks has changed or if any
13:29 - 13:31

new risks should be placed on the map.
13:31 - 13:34

Doing so will ensure that your risk map
13:34 - 13:36

is a consistently helpful tool that will
13:36 - 13:37

help you reduce
13:37 - 13:40

incidents and costs. Major Ways to Use
13:40 - 13:44

Risk Heat Maps by Organizations.
13:44 - 13:46

Where charts have to be interpreted and
13:46 - 13:47

tables have to be understood,
13:47 - 13:49

heat maps are self-explanatory and
13:49 - 13:50

intuitive.
13:50 - 13:52

Because they are tailor-made for putting
13:52 - 13:55

massive data sets into a context that's
13:55 - 13:56

easy to understand,
13:56 - 13:58

they are increasingly valued as a
13:58 - 14:00

superior data visualization tool in
14:00 - 14:03

cybersecurity for identifying,
14:03 - 14:06

prioritizing, and mitigating risks.
14:06 - 14:09

Here are three major ways to use risk
14:09 - 14:10

heat maps by
14:10 - 14:14

organizations: 1. Risk impact heat map to
14:14 - 14:16

show the likelihood of a risk event
14:16 - 14:16

happening
14:16 - 14:18

vs. business impact of such that
14:18 - 14:19

event.
14:19 - 14:22

Risk is the product of breach likelihood
14:22 - 14:23

and breach impact.
14:23 - 14:26

In this type of heat map, the horizontal
14:26 - 14:28

axis shows the likelihood of a
14:28 - 14:30

cybersecurity breach.
14:30 - 14:32

The vertical axis shows the business
14:32 - 14:33

impact of a breach.
14:33 - 14:36

The colors are risk areas, for example,
14:36 - 14:39

green colored boxes indicate no
14:39 - 14:41

action needed and red boxes indicating
14:41 - 14:43

immediate action needed.
14:43 - 14:45

The individual risk items are then
14:45 - 14:47

plotted on the heat map based upon the
14:47 - 14:49

Business Impact and Likelihood of breach
14:49 - 14:50

happening.
14:50 - 14:52

This can be computed as follows: Risk is
14:52 - 14:56

equal to impact times likelihood.
14:56 - 14:59

2. Comparing breach likelihood across
14:59 - 15:00

different business
15:00 - 15:03

areas. Risk heat maps can be used by an
15:03 - 15:05

organization to comparing breach
15:05 - 15:07

likelihood across different business
15:07 - 15:08

areas.
15:08 - 15:10

Here is an example of a heat map that IT
15:10 - 15:12

can use to compare breach likelihood
15:12 - 15:13

across different
15:13 - 15:16

areas or groups. Such charts can be
15:16 - 15:18

created for multiple types of risk
15:18 - 15:19

groups-
15:19 - 15:22

asset types, locations, business units,
15:22 - 15:26

and more. 3. Mapping information
15:26 - 15:27

technology
15:27 - 15:29

(IT) asset inventory by type and risk
15:29 - 15:32

associated with each of those categories.
15:32 - 15:34

Risk heat maps can be used by an
15:34 - 15:36

organization for mapping IT
15:36 - 15:38

asset inventory based on the type of IT
15:38 - 15:41

asset inventory and risk associated with
15:41 - 15:43

each of those categories.
15:43 - 15:45

Here is an example of a heat map that IT
15:45 - 15:47

can use to map IT
15:47 - 15:49

asset inventory by type and risk
15:49 - 15:52

associated with each of those categories.
15:52 - 15:55

How to Create or Build a Risk Map. For
15:55 - 15:56

the heat map to be insightful and
15:56 - 15:57

comprehensive,
15:57 - 16:00

it should be created using accurate, and
16:00 - 16:02

complete information.
16:02 - 16:04

Identification of inherent risks is the
16:04 - 16:06

first step in creating a risk map.
16:06 - 16:09

Risks can be broadly categorized into
16:09 - 16:10

strategic risk,
16:10 - 16:13

compliance risk, operational risk,
16:13 - 16:16

financial risk, and reputational risk,
16:16 - 16:18

but organizations should aim to chart
16:18 - 16:20

their own lists by taking into
16:20 - 16:22

consideration specific factors that
16:22 - 16:24

might affect them financially.
16:24 - 16:26

Once the risks have been identified, it
16:26 - 16:29

is necessary to understand what kind of
16:29 - 16:31

internal or external events are driving
16:31 - 16:32

the risks.
16:32 - 16:34

The next step in risk mapping is
16:34 - 16:37

evaluating the risks: estimating the
16:37 - 16:38

frequency,
16:38 - 16:40

the potential impact and possible
16:40 - 16:42

control processes to offset the risks.
16:42 - 16:45

The risks should then be prioritized. The
16:45 - 16:48

most impactful risks can be managed by
16:48 - 16:50

applying control processes to help
16:50 - 16:52

lessen their potential occurrence.
16:52 - 16:54

As threats evolve and vulnerabilities
16:54 - 16:57

change, a risk map must be re-evaluated
16:57 - 16:58

periodically.
16:58 - 17:01

Organizations also must review their
17:01 - 17:03

risk maps regularly to ensure key risks
17:03 - 17:04

are being managed
17:04 - 17:07

effectively. For example, let us briefly
17:07 - 17:09

consider how a firm can build a
17:09 - 17:11

cyber risk heat map.
17:11 - 17:13

Cybersecurity heat maps involve an
17:13 - 17:15

extensive and disciplined assessment
17:15 - 17:16

process at the back end,
17:16 - 17:18

in order to present a simple
17:18 - 17:20

visualization of risks and recommended
17:20 - 17:22

actions at the front end.
17:22 - 17:24

The heat map is an essential and useful
17:24 - 17:27

output of your overall cybersecurity
17:27 - 17:29

assessment and vulnerability management
17:29 - 17:32

process. With a rapidly increasing attack
17:32 - 17:32

surface,
17:32 - 17:35

the first step is to accurately measure
17:35 - 17:37

a cyber risk attack surface.
17:37 - 17:39

This means getting complete visibility
17:39 - 17:41

into all your IT
17:41 - 17:44

assets (devices, apps, and users)
17:44 - 17:46

and then continuously monitoring them
17:46 - 17:49

across all 200+ attack vectors in
17:49 - 17:50

adversaries' arsenals.
17:50 - 17:53

The company, therefore, need to regularly
17:53 - 17:56

analyze the observations to derive risk
17:56 - 17:57

insights.
17:57 - 17:59

This is a layered calculation that
17:59 - 18:01

involves incorporating information about
18:01 - 18:04

threats, vulnerabilities, mitigating
18:04 - 18:05

actions,
18:05 - 18:08

business criticality, impact elasticity,
18:08 - 18:11

and time-to-repair. Conclusion.
18:11 - 18:13

Risk mapping in risk management has been
18:13 - 18:15

discussed in this video.
18:15 - 18:18

A risk map (or risk heat map) is a
18:18 - 18:20

graphical representation of cyber risk
18:20 - 18:22

data where the individual values
18:22 - 18:24

contained in a matrix are represented as
18:24 - 18:26

colors that connote meaning.
18:26 - 18:28

Risk heat maps are used to present cyber
18:28 - 18:30

risk assessment results in an
18:30 - 18:31

easy to understand,
18:31 - 18:34

visually attractive and concise format.
18:34 - 18:37

Risk maps can be used by an organization
18:37 - 18:39

to improve its risk management culture.
18:39 - 18:42

Risk maps can, therefore, assist to
18:42 - 18:44

enhance understanding and prioritization
18:44 - 18:47

of a firm's risk management system.
18:47 - 18:49

In short, heat maps present a very
18:49 - 18:52

complex set of facts in an easily
18:52 - 18:53

digestible way.
18:53 - 18:55

This helps organizations to enhance
18:55 - 18:56

their resilience
18:56 - 18:58

in the highly challenging business
18:58 - 19:00

environment.
19:00 - 19:01

Hope the video is educative and
19:01 - 19:03

beneficial to you?
19:03 - 19:05

Which aspect of the risk mapping in risk
19:05 - 19:07

management discussed in this video do
19:07 - 19:09

you consider to be more relevant in your
19:09 - 19:10

organization?
19:10 - 19:13

Please post your answer to this question
19:13 - 19:15

in the comment section below.
19:15 - 19:17

If this video has been helpful and
19:17 - 19:18

beneficial to you;
19:18 - 19:20

then, give it a thumbs up and share it
19:20 - 19:22

with your friends.
19:22 - 19:23

Thank you for watching the Risk
19:23 - 19:26

Management of Everything videos.
19:26 - 19:28

We love to hear from you. Please post
19:28 - 19:29

your comments and
19:29 - 19:32

questions in the comment section down
19:32 - 19:34

below. If you are new here,
19:34 - 19:36

please subscribe to our channel Risk
19:36 - 19:37

Management of Everything
19:37 - 19:40

and press the notification button so you
19:40 - 19:42

can be notified when we upload new
19:42 - 19:43

videos.
19:43 - 19:46

Thank you.

Title:: Risk Mapping and Risk Mapping in Risk Management (Risk, Risk Heat Map, and Risk Management)
Description:: more » « less
Video Language:: English
Duration:: 19:44

	OEVIDEOS edited English subtitles for Risk Mapping and Risk Mapping in Risk Management (Risk, Risk Heat Map, and Risk Management)
	OEVIDEOS edited English subtitles for Risk Mapping and Risk Mapping in Risk Management (Risk, Risk Heat Map, and Risk Management)

English subtitles

Revisions Compare revisions

Revision 2 Edited

OEVIDEOS
Revision 1 Uploaded

OEVIDEOS

	Revision Number	Author	Created
	2	OEVIDEOS
	1	OEVIDEOS

Risk Mapping and Risk Mapping in Risk Management (Risk, Risk Heat Map, and Risk Management)

Revisions Compare revisions

Our website uses cookies

Operating cookies (Required)