
🗂️ Cyber risk register & assessment

Build an information-security risk register the ISO/IEC 27005 and NIST SP 800-30 way — log each asset, threat and vulnerability, score likelihood × impact on a 5×5 matrix, record existing controls, choose a treatment (mitigate / transfer / accept / avoid) and capture residual risk. Saved in your browser. Exports to Word and CSV.

Organisation & scope
Add a risk entry
Risk register
5×5 risk matrix (likelihood × impact)

🔒 This is a defensive, information-security risk-assessment aid aligned to ISO/IEC 27005:2022 (information security risk management) and NIST SP 800-30 Rev. 1 (guide for conducting risk assessments). It is distinct from physical-security risk: here, impact is judged on confidentiality, integrity and availability of information plus the resulting business harm. Inherent risk = likelihood × impact (1–25). Everything runs in your browser and is stored only in this device's local storage — nothing is transmitted. It is a working aid, not legal, audit or certification advice; have a qualified person validate scoring and treatment.
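The scoring and CSV export described above, worked through as an added example (not this tool's own code). The field names, the convention that residual risk is re-scored as residual likelihood × residual impact after treatment, and the formula-neutralising CSV cell handling are assumptions of this sketch; the sample register is constructed.

```javascript
// Added example. Field names, the residual re-scoring convention and the CSV
// hardening are assumptions of this sketch, not the tool's documented behaviour.
const TREATMENTS = ["mitigate", "transfer", "accept", "avoid"];
const COLUMNS = ["id", "asset", "threat", "vulnerability", "likelihood", "impact",
                 "inherent", "controls", "treatment", "residual"];

function scale(name, v) {
  if (!Number.isInteger(v) || v < 1 || v > 5) throw new RangeError(`${name} must be an integer from 1 to 5`);
  return v;
}

// Validate one entry and attach inherent and residual scores (each 1-25).
function scoreEntry(e) {
  if (!TREATMENTS.includes(e.treatment)) throw new Error(`${e.id}: unknown treatment "${e.treatment}"`);
  const inherent = scale("likelihood", e.likelihood) * scale("impact", e.impact);
  const residual = scale("residualLikelihood", e.residualLikelihood) * scale("residualImpact", e.residualImpact);
  // Assumption: treatment never raises risk, so a higher residual is a data-entry error.
  if (residual > inherent) throw new Error(`${e.id}: residual ${residual} exceeds inherent ${inherent}`);
  return { ...e, inherent, residual };
}

// Count entries per cell of the 5x5 matrix: matrix[likelihood - 1][impact - 1].
function buildMatrix(entries) {
  const m = Array.from({ length: 5 }, () => Array(5).fill(0));
  for (const e of entries) m[e.likelihood - 1][e.impact - 1] += 1;
  return m;
}

// Quote per RFC 4180. Free text starting with =, +, -, @, tab or CR gets a leading
// apostrophe so a spreadsheet opens it as text rather than evaluating a formula.
function csvCell(v) {
  let s = String(v);
  if (typeof v === "string" && /^[=+\-@\t\r]/.test(s)) s = "'" + s;
  return /[",\r\n]/.test(s) ? `"${s.replace(/"/g, '""')}"` : s;
}

function toCsv(entries) {
  const rows = entries.map((e) => COLUMNS.map((c) => csvCell(e[c])).join(","));
  return [COLUMNS.join(","), ...rows].join("\r\n");
}

// Constructed sample register.
const register = [
  { id: "R1", asset: "Customer database", threat: "Credential stuffing", vulnerability: "No MFA on admin login",
    likelihood: 4, impact: 5, controls: "Password policy, WAF", treatment: "mitigate", residualLikelihood: 2, residualImpact: 5 },
  { id: "R2", asset: "Office file share", threat: "Ransomware", vulnerability: "Untested backups",
    likelihood: 3, impact: 4, controls: "Nightly backup", treatment: "transfer", residualLikelihood: 3, residualImpact: 2 },
  { id: "R3", asset: "Marketing site", threat: "Defacement", vulnerability: "Outdated CMS plugin",
    likelihood: 2, impact: 2, controls: "None", treatment: "accept", residualLikelihood: 2, residualImpact: 2 },
].map(scoreEntry);

console.log(toCsv(register));
console.log(buildMatrix(register));
```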