When to use this
Practical use
Use this as a working artifact. Fill it with real owners, dates, decisions, evidence locations, and review status.
Use this when documenting a reusable ISO/IEC 27005-style risk scenario.
---type: risk-scenarioasset: ""threat: ""vulnerability: ""risk_level: ""likelihood: ""impact: ""treatment_option: ""related_controls: []evidence_required: []owner: ""status: drafttags: - risk - iso27005created: YYYY-MM-DDupdated: YYYY-MM-DD---
# Risk Scenario - {{asset}} / {{threat}}
## 1. Scenario Description
Describe the risk scenario in business language.
## 2. Asset
Identify the affected asset.
## 3. Threat
Identify the threat source or event.
## 4. Vulnerability
Identify the weakness that makes the threat relevant.
## 5. Impact
Describe business, operational, legal, financial, and reputational impact.
## 6. Likelihood
Describe why the risk is likely or unlikely.
## 7. Risk Rating
Document the risk rating method.
## 8. Treatment Option
Choose one:
- Mitigate- Transfer- Avoid- Accept
## 9. Related Controls
Link to Annex A controls.
## 10. Evidence Required
List evidence required to prove treatment.
## 11. Software Object Mapping
Map this scenario to future data entities.Related notes
- Template
- Iso27005
- Risk scenario
Note Metadata
Aliases: Risk Scenario Template
Source: 90 Templates/Template Risk Scenario.md
Graph-sourced resources
Templates and evidence
Risk treatment artifacts
Risk records, mappings, and treatment-supporting references.