LOGBOOK

HELP

Quiz Entry - updated: 2026.05.31

What is a Risikomatrix (risk matrix) and how does it visualise risk?

A 5×5 grid with Likelihood on the Y-axis and Impact on the X-axis — each cell coloured green→red to show severity at a glance.

The standard layout:

  • Y-axis (Likelihood): Remote → Unlikely → Possible → Likely → Certain
  • X-axis (Impact): Insignificant → Minor → Moderate → Major → Critical
  • Cells are coloured (green / yellow-green / yellow / orange / red) and labelled (Low / Low-Med / Medium / Med-Hi / High)

How risks land on it:

  • Each identified risk gets one dot/marker based on its (likelihood, impact) pair.
  • Multiple risks plotted on the same matrix become a Risk-Map (or Risiko-Landkarte).

Why it's everywhere:

  • Übersichtlich — non-experts grasp it in 5 seconds.
  • Communication-friendly — boards love it.
  • Prioritisation aid — top-right (red) gets resources first.

Why it's dangerous:

  • "Tendency to everything-yellow" — assessors anchor to the middle to avoid controversy.
  • Replaces critical thinking with best-practice colouring.
  • Strongly biased by assessor experience; not reproducible.
  • No real quantitative output — you can't compute ROI of a control directly from a colour.

Tip: Doug Hubbard's "How to Measure Anything in Cybersecurity Risk" is a famous critique — read it before you defend any risk matrix in front of a quant-leaning audience.

From Quiz: ISF / Risk Management | Updated: May 31, 2026