A key risk indicator is a measurement used in risk management that tracks the probability and impact of a specific risk against an organization's risk appetite.
Let's consider the following scenario: an organization wants to measure the average number of vulnerabilities per system across the enterprise.
It establishes that:
- Green = 0-2 high-level vulnerabilities per system
- Amber = 2-3.5 high-level vulnerabilities per system
- Red = anything over 3.6 high-level vulnerabilities per system
With these bands in mind, we can look at key risk indicators as the analysis of trend information: it warns that, if the current thresholds are met, stakeholders need to be notified so that remediation can start.
In our case, the organization has established that actions start taking place:
- From Green to Amber: When the average vulnerability count is between 1.5 and 2 per system
- From Amber to Red: When the average vulnerability count is between 3 and 3.5 per system
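The bands and action thresholds above can be evaluated directly against scan results. The following Python sketch is an added example, not part of the original text: the host names, dates and counts are constructed sample data, and the function names are hypothetical. Because the stated bands overlap at 2 and leave a gap between 3.5 and 3.6, it assumes that exactly 2 is Green and anything above 3.5 is Red, and it also assumes that a Red reading always triggers notification.

```python
from statistics import mean

# Thresholds from the text. Boundary handling is an assumption of this example:
# exactly 2 counts as Green, and anything above 3.5 counts as Red.
GREEN_MAX, AMBER_MAX = 2.0, 3.5
WARN_ZONES = {"Green": (1.5, 2.0), "Amber": (3.0, 3.5)}  # action thresholds
NEXT_BAND = {"Green": "Amber", "Amber": "Red"}

def band(avg):
    if avg <= GREEN_MAX:
        return "Green"
    return "Amber" if avg <= AMBER_MAX else "Red"

def evaluate(high_vulns_per_system):
    """Return the KRI reading for one scan: average, band, and whether to notify."""
    if not high_vulns_per_system:
        raise ValueError("no systems in scan; the KRI is undefined")
    avg = round(mean(high_vulns_per_system.values()), 2)
    current = band(avg)
    zone = WARN_ZONES.get(current)
    approaching = NEXT_BAND[current] if zone and zone[0] <= avg <= zone[1] else None
    # Assumption: a Red reading notifies stakeholders as well as a warning zone.
    return {"average": avg, "band": current, "approaching": approaching,
            "notify": current == "Red" or approaching is not None}

def kri_trend(scans):
    """Evaluate dated scans in order and mark whether the average is rising."""
    readings, previous = [], None
    for date, counts in sorted(scans.items()):
        reading = evaluate(counts)
        reading["date"] = date
        reading["rising"] = previous is not None and reading["average"] > previous
        previous = reading["average"]
        readings.append(reading)
    return readings

# Constructed sample data: high-level findings per host for three weekly scans.
SAMPLE_SCANS = {
    "2024-01-01": {"web01": 1, "db01": 2, "app01": 0, "mail01": 1},
    "2024-01-08": {"web01": 2, "db01": 3, "app01": 1, "mail01": 1},
    "2024-01-15": {"web01": 4, "db01": 4, "app01": 2, "mail01": 3},
}

if __name__ == "__main__":
    for r in kri_trend(SAMPLE_SCANS):
        print(r["date"], r["average"], r["band"], "->", r["approaching"],
              "NOTIFY" if r["notify"] else "")
```

In the sample data, the second scan is still Green but already inside the 1.5 to 2 action zone, which is the point at which the indicator is meant to prompt stakeholders before the band actually changes.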
These are just a few methods and tools that we can use for collaboration. Let's see how these can actually be applied.