View Source

Potential damage

Low
Medium
High
Very high

Decisions:

Accept: acknowledge the risk, but do not take any action before it hits
Mitigate: take measures to reduce the probability of occurrence or the potential damage
Avoid: do something else without this risk, e.g. nothing
Transfer: let someone else take care of it, e.g. insurance
(Deny the risk: not allowed to choose, but many managers do this nevertheless...)

			Probability of occurrence	Potential damage	Decision	Reasons
Financial	1	GAFAM	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny	Financially it is not possible to compete with GAFAM Mitigate→ find approach against GAFAM in strategic category
	2	Competing technology	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny
	3	Marketing	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny	Mitigate→ compatibility with new rules participation in the activities steering and show case the development communicate with institutes to bring them to ecosystem
	4	Funding	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny	participating in projects and present ourself and requirements and capabilities
	5	Environmental cost	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny	not selecting environmental consuming technology like some types of ledgers
Legal	6	Governments Rules	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny	develop and share best practices monitoring develop common strategies
Legal	7	International Compatibility (ex. GDPR)	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny	same as above plus finding common denominator solutions
	8	No definition or legal commitment for punishment in regard of misusing	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny	Refer to existing solution like revoking ID
Strategic	7	Dependency
	8	Intermediaries
	9	Acceptance
	10	Engagement (Governance Rules)
	11	Usability
	12	Interoperability (Standards and Protocols)
	13	Integration
	14	Communication (Marketing)
Security	15	Physical vulnerabilities (Device lost)
Security	16	Protecting sensitive data

Consensus

many times in a year
once in 1 years
once in 2 years		e.g. Physical vulnerabilities (Device lost)
once in 5 years
once in 10 years
percentage of occurrence Probability / Potential damage	Low	Medium	High	Very High

No-consensus-pile

.....