# 4. High-Level Risk Assessment

Note: Mandatory for a strategic plan.

How (Lightweight)

  • Identify top risks (10–15 max)
  • Rate each risk:
    • Likelihood: Low / Medium / High
    • Impact: Low / Medium / High
  • Map risks to business impact

Example Risks

  • Data breach of customer PII
  • Cloud misconfiguration
  • Ransomware
  • Insider misuse
  • Third-party compromise
  • Regulatory non-compliance

Output

  • Simple risk register (table)
  • Highlight top 5–7 strategic risks