Using risk matrix rank risks from most severe to least severe based on Means, Motive & Opportunity. Below is a sample risk matrix table, depending on your risk approach you can define different risk ranking matrix:
· Risk Value: 01 to 12 → Risk Level: Notice
· Risk Value: 13 to 18 → Risk Level: Low
· Risk Value: 19 to 36 → Risk Level: Medium
· Risk Value: 37 to 54 → Risk Level: High
Determine countermeasures and mitigation
Identify risk owners and agree on risk mitigation with risk owners and stakeholders. Provide the needed controls in forms of code upgrades and configuration updates to reduce risks to acceptable levels.