{ "$schema": "http://json-schema.org/draft-07/schema#", "$id": "#Risk", "description": "An object that represents an identified Risk as the result of an Assessment. The collection of Risk objects in JupiterOne make up the Risk Register. A Control may have a `MITIGATES` relationship to a Risk.", "type": "object", "allOf": [ { "$ref": "#RecordEntity" }, { "properties": { "assessment": { "description": "The name/id of the assessment that produced this risk.", "type": "string" }, "category": { "description": "The category (or area) of the risk. For example, 'process maturity' or 'natural disaster'.", "type": "string" }, "probability": { "description": "Probability rating of the risk: '3: high/certain', '2: medium/likely', '1: low/unlikely', '0: none/negligible'.", "type": "integer", "examples": [0, 1, 2, 3] }, "impact": { "description": "Impact rating. '3: high/severe', '2: medium/moderate', '1: low/minor', '0: none/insignificant'.", "type": "integer", "examples": [0, 1, 2, 3] }, "score": { "description": "Overall Risk Score = Probability x Impact", "type": "integer" }, "details": { "description": "Additional details to describe the risk.", "type": "string" }, "mitigation": { "description": "Description of the mitigation, either planned or implemented, if applicable.", "type": "string" }, "status": { "description": "Current status of this documented risk. Default status is `open`.", "type": "string", "examples": [ "reported", "acknowledged", "accepted", "mitigated", "prioritized", "transferred", "pending", "open" ] } }, "required": ["probability", "impact", "score", "status"] } ] }