This video provides and overview for the Risk Inventory dashboard. While each scenario provides information on Risk Event frequency, Residual Impact, and overall distribution of risk, additional useful insights are provided. A scenario definition includes a specific Actor targeting a specific Attack Surface with a specific Threat Action, which results in a specific Risk Event at a specific Organizational Unit. However, the most important insight for each scenario is the list of Proactive and Reactive capabilities, showing both their relevance and strength. This information provided in the risk scenario context becomes an actionable insight as risk owners can see immediately multiple key points. Are there enough relevant Proactive Capabilities to mitigate the specific Threat Action? Are these capabilities strong at the specific Attack Surface? Are there enough relevant Reactive Capabilities to mitigate the impact of the implied Risk Event? Are these capabilities strong at the specific Organizational Unit?

If a scenario is ranked high in terms of overall risk, then it is either in the control of the management team by increasing the number and strength of relevant capabilities; or it is driven by external factors (e.g., threat strength, initiation frequency, minimum residual impact). This is very useful information when decisions need to be made around which scenario to mitigate and how.