Articles on: Workspace Configuration

Custom Risk Types

⚠️ Custom Risk Types

"Tailor your risk universe."
Define, override, and customize risk types to fit your organization’s methodology.


Brainframe comes with several pre-configured risk types (see Risk Management). Administrators can override defaults or create entirely new, custom risk types for their workspace.


Info: Only administrators can configure custom risk types from the Workspace Settings page.



1️⃣ Accessing Custom Risk Types



  1. Go to Workspace Settings → Risk Types.
  2. View the list of:
  • Custom risk types you’ve created.
  • Overridden pre-configured types.
  1. Use the “+” button to add a new risk type.
  2. Hover over a risk type to edit or delete it.



2️⃣ Configuring a Risk Type



When creating or editing a risk type, you can define its full behavior and methodology:


  1. Risk Type Name – To override a default, use the exact name.
  2. Risk Matrix Scale – Choose: 3×3, 4×4, 5×5, or 10×10. (Other scales available on request)
  3. Risk Appetite and Review Frequency – Define minimum values where appetite colors apply, as well as the frequency that you want to review the risk with each appetite.
  4. Methodology Description – Provide guidance on scoring measures (e.g., ranges or qualitative levels).
  5. Remaining Work Mode – Replace standard statuses with Kanban stages from the Process Workbench (moving a card in the kanban and asks if a new reading should be done).
  6. Add Measure
  7. Measures – Define one or more measures (e.g., Confidentiality, Integrity, Availability, Probability).
  8. X & Y Axis Mapping – For Impact and Probability, specify:
  • Value → Direct input.
  • Min → Lowest value.
  • Max → Highest value. (e.g., Max of CIA for Impact)
  1. Document Properties – Mark properties as mandatory or optional. If available, they auto-fill during readings.



3️⃣ Best Practices


  • 🎨 Design meaningful scales – Keep values intuitive for risk owners and align with your operations.
  • 🔄 Harmonize measures – Align them with your risk methodology (ISO 27005, NIST, etc.).
  • 🛑 Avoid overcomplication – Too many measures reduce usability.
  • Set review frequencies realistically – Balance compliance needs with team workload.



🎯 Visual Checklist


  • [x] Reviewed default and custom risk types
  • [ ] Defined matrix scale and appetite thresholds
  • [ ] Added measures and axis mappings
  • [ ] Configured review frequency and methodology
  • [ ] Tested risk type with sample data


Updated on: 05/09/2025

Was this article helpful?

Share your feedback

Cancel

Thank you!