View Source

Potential damage

Decisions:

Accept: acknowledge the risk, but do not take any action before it hits
Mitigate: take measures to reduce the probability of occurrence or the potential damage
Avoid: do something else without this risk, e.g. nothing
Transfer: let someone else take care of it, e.g. insurance
(Deny the risk: not allowed to choose, but many managers do this nevertheless...)

			Probability of occurrence	Potential damage	Decision
Financial	1	GAFAM	(once in 10 years) (once in 5 years) (once in 2 years) (once in 1 years) (many times in a year)	Low Medium High Very high	Accept Mitigate Avoid Transfer Deny
	2	Competing technology
	3	Market Growth Challenges
	4	Environmental cost
Legal	5	Governments Rules
Legal	6	International Compatibility (ex. GDPR)
Strategic	7	Dependency
	8	Intermediaries
	9	Acceptance
	10	Engagement (Governance Rules)
	11	Usability
	12	Interoperability (Standards and Protocols)
	13	Integration
	14	Communication (Marketing)
Security	15	Physical vulnerabilities (Device lost)
Security	16	Protecting sensitive data

many times in a year
once in 1 years
once in 2 years		e.g. Physical vulnerabilities (Device lost)
once in 5 years
once in 10 years
percentage of occurrence Probability / Potential damage	Low	Medium	High	Very High

.....