Risk Tolerance IRM Program Template

Overview

Insider Risk Scenarios: Situations that indicate data is at a higher liklihood of exposure or exfiltration that are likely to result in financial, regulatory or reputational harm to the organization, its' partners, customers or employees.
Risk Tolerance: Risk appetite is defined as a company's attitude or willingness to take on risk while in pursuit of enabling other business outcomes. Risk tolerance is the maximum threshold of risk that a company will withstand, according to their risk appetite.
How to Use This Template: Use this template as a framework for thinking through your organization's risk tolerance for Insider Risk scenarios. The severities provided in the template are intended to be a guide, rather than the rule, based on Insider Risk scenarios and severity levels commonly associated with them. Low risk tolerance is intended to be associated with critical events, whereas high risk tolerance is intended to be associated with events that are considered low risk events until they reach a certain threshold. Risk tolerance is defined by you, and can be operationalized through Insider Risk Management technology.