RISK-0002
Risk summary
- Likelihood
- 3
- Impact
- 5
- Score
- 15
- Level
- High
- 01
Asset
Incident response capability and critical business services.
Business object or system that needs protection. - 02
Threat
High-severity security incident requiring coordinated triage, escalation, containment, communication, and recovery.
Event, actor, or condition that can create harm. - 03
Vulnerability
Unclear incident roles, stale contact lists, missing escalation thresholds, and no tested incident management process.
Weakness that makes the threat relevant. - 04
Risk
Because incident ownership, escalation criteria, and communication paths are not prepared or rehearsed, a serious security incident may be handled slowly or inconsistently, increasing business impact and regulatory exposure.
Scenario evaluated with likelihood, impact, and ownership. - 05
Treatment
Mitigate through a maintained incident management plan, assigned response roles, escalation criteria, communication paths, tabletop exercises, and periodic review.
Decision path for reducing, accepting, transferring, or avoiding risk.
Controls that treat the risk
Evidence that proves operation
Assessment Rationale
Likelihood
The likelihood is medium because incidents rarely wait for governance to become clear. If responders do not know who owns decisions before an incident, ownership will be debated during the incident.
Impact
The impact is high because delayed escalation can extend downtime, miss contractual or regulatory notification windows, and cause management to make decisions without reliable facts.
Residual Risk
After treatment, residual risk is estimated as medium if the plan is tested, contact data is current, and escalation records show that ownership is understood.
Review Notes
Review after each tabletop exercise, material organizational change, supplier change, or actual incident.
Software Object Mapping
- risk
- incident
- control
- evidence
- Iso27005
- Risk
- Iso27001
- Incident management
Note Metadata
Aliases: RISK-0002
Source: 05-Risk-Knowledge-Base/RISK-0002-Incident-Escalation-Failure.md