There is no doubt that the current cyber risk landscape changes constantly, if not daily. As such, there is an inherent challenge in effectively communicating how impactful these risks can pose to private businesses.

Through quantitative and qualitative risk assessments, your board of directors and executives’ eyes tend to glaze over due to the sheer amount of information, which degrades the probability of receiving the necessary resources to mitigate probable threats.

In response to this common scenario, the WF Command Center, in collaboration with Adopting Zero Trust, has developed a new system to simplify communicating risk. The Waffle House (WF) Risk Index 1.0 adapts the universally known, yet informal, color-coded system to now map against cyber risks. In this new system, organizations can simply label risks in one of three-color statuses:

1. Green = Good

2. Yellow = Not Good

3. Red = Really Not Good

4. Gray = Emerging Threat

The new open-source standards have been developed to ensure everyone can clearly articulate and understand what risks to prioritize based on severity, likelihood, and existing controls.

The index is also designed to map the color-coded system to your existing supported frameworks such as NIST CSF and ISO 27001. But, maybe don’t use this in your audits.

WF Risk Index 1.0 Public Comment Period

To add your comments and expand upon the index, you can use either Notion or Google Docs.

You can access the draft version of the index here.

Waffle House, don’t sue us.

*** This is a Security Bloggers Network syndicated blog from Adopting Zero Trust authored by Elliot Volkman. Read the original post at: https://www.adoptingzerotrust.com/p/exclusive-waffle-house-risk-index