1. RISK UNDERSTANDING
Understand what can go wrong and explain it the simplest possible way.
2. ATTACK SCENARIO
Support your explanation with a realistic attack scenario. Provide a pragmatic example of how the risk can result in an actual attack.
3. BUSINESS IMPACT
Explain what is the impact to the business if this risk becomes true. At the end of the day it’s about the most important thing.
Check the Forward Point Risk Process to learn how to assess risk in a simple way.