Risks Assessment

Potential damage

Low
Medium
High
Very high

Decisions:

Accept: acknowledge the risk, but do not take any action before it hits
Mitigate: take measures to reduce the probability of occurrence or the potential damage
Avoid: do something else without this risk, e.g. nothing
Transfer: let someone else take care of it, e.g. insurance
(Deny the risk: not allowed to choose, but many managers do this nevertheless...)

			Probability of occurrence	Potential damage	Decision	Reasons
Financial	1	GAFAM	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny	Financially it is not possible to compete with GAFAM Mitigate→ find approach against GAFAM in strategic category
	2	Competing technology	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny
	3	Marketing	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny	Mitigate→ compatibility with new rules participation in the activities steering and show case the development communicate with institutes to bring them to ecosystem
	4	Funding	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny	participating in projects and present ourself and requirements and capabilities
	5	Environmental cost	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny	not selecting environmental consuming technology like some types of ledgers
Legal	6	Governments Rules	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny	develop and share best practices monitoring develop common strategies
Legal	7	International Compatibility (ex. GDPR)	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny	same as above plus finding common denominator solutions
	8	Misusing of DID	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny	Refer to existing solution like revoking ID
	9	User Responsibility	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny	training user wallet technical support follow legal framework e.g. GDPR
Strategic	10	Dependency	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny
	11	Intermediaries	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny	Improvement in EUDI wallet
	12	Exposure to Governance Rules and standards	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny
	13	Usability	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny	Existing system are still in place, and we improve the products and solutions continuously.
	14	Acceptance	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny	Existing system are still in place, and we improve the products and solutions continuously.
	15	Interoperability (Standards and Protocols)	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny	mitigate the risk with customization
	16	Integration	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny	mitigate the risk with development
	17	ontopiness	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny	come up with new services
Security	18	Protecting data	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny	any security solution security reviews incident handling capabilities awareness programs
	19	Losing data	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny	improve recovery processes
	20	Dark Net	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny
	21	Trust Infrastructure	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny

Consensus

many times in a year	Competing technology Exposure to Governance Rules and standards	Misusing of DID Dependency Usability Acceptance Protecting data	User Responsibility	GAFAM Losing data
once in 1 years		Funding	Marketing Intermediaries
once in 2 years	Dark Net		Governments Rules International Compatibility (ex. GDPR) Interoperability (Standards and Protocols) Integration	ontopiness
once in 5 years				Trust Infrastructure
once in 10 years	Environmental cost
Occurrence Probability / Potential damage	Low	Medium	High	Very High

No-consensus-pile

.....

Space shortcuts

Page tree