⚠️ Custom Risk Types

"Tailor your risk universe."
Define, override, and customize risk types to fit your organization’s methodology.

Brainframe comes with several pre-configured risk types (see Risk Management). Administrators can override defaults or create entirely new, custom risk types for their workspace.

1️⃣ Accessing Custom Risk Types

1. Go to Workspace Settings → Risk Types.
2. View the list of:

• Custom risk types you’ve created.
• Overridden pre-configured types.

3. Use the “+” button to add a new risk type.
4. Hover over a risk type to edit or delete it.

2️⃣ Configuring a Risk Type

When creating or editing a risk type, you can define its full behavior and methodology:

1. Risk Type Name – To override a default, use the exact name.
2. Risk Matrix Scale – Choose: 3×3, 4×4, 5×5, or 10×10. (Other scales available on request)
3. Risk Appetite and Review Frequency – Define minimum values where appetite colors apply, as well as the frequency that you want to review the risk with each appetite.
4. Methodology Description – Provide guidance on scoring measures (e.g., ranges or qualitative levels).
5. Remaining Work Mode – Replace standard statuses with Kanban stages from the Process Workbench (moving a card in the kanban and asks if a new reading should be done).
6. Add Measure
7. Measures – Define one or more measures (e.g., Confidentiality, Integrity, Availability, Probability), and their possible options.

8. X & Y Axis Mapping – For Impact and Probability, specify how values are derived from selected measures:

• Value → Uses the exact value of the selected measure.
• Min → Uses the minimum value among the selected measures.
• Max → Uses the maximum value among the selected measures.
• Equal-Weight Geometric Mean → Automatically maps any non-linear or irregular measure scale (e.g., 0.1, 0.5, 1, 5, 10, 40) to the chosen risk matrix size using simple linear interpolation.

The system takes the lowest non-zero value as the minimum and the highest value as the maximum.

All intermediate values are linearly distributed across the matrix scale.

No manual reconfiguration needed after changing measure ranges.

Note: When changing measure ranges or adding this option, reconfigure X/Y mappings to ensure correct scaling.

Example: Linear Weight on a 5×5 Matrix

Measure scale = [0.1, 0.5, 1, 5, 10, 40]

The system automatically detects:

• Min (non-zero) = 0.1 → maps to 1 on the matrix
• Max = 40 → maps to 5 on the matrix

Linear mapping result:

This gives you a clean, predictable 1–5 (or 1–10) score regardless of what your original measure scale is.

9. Document Properties – Mark properties as mandatory or optional. If available, they auto-fill during readings.

f you'd like to use the risk matrix purely visually and adjust the colors, you can simply override the values for each risk type. Just click the pencil icon in the risk-type configuration and set the value you want to appear in each part of the matrix, based on your color target. This allows you to show risks that might not appear in the corresponding value in the color of your choice, without having to modify the actual value.

3️⃣ Best Practices

• 🎨 Design meaningful scales – Keep values intuitive for risk owners and align with your operations.
• 🔄 Harmonize measures – Align them with your risk methodology (ISO 27005, NIST, etc.).
• 🛑 Avoid overcomplication – Too many measures reduce usability.
• ⏰ Set review frequencies realistically – Balance compliance needs with team workload.

🎯 Visual Checklist

• [x] Reviewed default and custom risk types
• [ ] Defined matrix scale and appetite thresholds
• [ ] Added measures and axis mappings
• [ ] Configured review frequency and methodology
• [ ] Tested risk type with sample data

Updated on: 05/12/2025