Risk Assessment Demo – STRIDE (v15.1)
ERM Risk Prioritization Matrix · 5 levels (Very Low → Very High) · Likelihood: Remote → Certain
1) Submission & Solution Descriptions
Project / System / Vendor
Owner
Environment
Production
Non‑Production
Third‑party status
None
New Vendor
Current Vendor
Cloud
On‑prem
Cloud
External Exposure
Internal
External
AI Usage
No
Yes
Current Solution (as‑is)
Future / Target Solution (to‑be)
2) Data Classification (select)
Data Type Examples (from ICBC sheet)
Restricted
Highly Sensitive PII (Health, Biometrics, Financial)
Payment data
Customer PII (tagged Restricted)
Confidential
Sensitive PII (Race, Religion, Gender)
Claims data
Customer PII (Name, DOB, Address, Contact)
Corporate / Confidential
Operational data (Policy details, renewal)
Employee & Contractor data
Audit logs
Vendor data
Click an example to auto‑select its classification.
3) Business Impact (Yes / No)
Customer
Reputation / Public image
Compliance / Legal / Regulatory
Financial
Employee Health & Safety
Business disruption / Project
No numeric impact selection is shown. The calculator derives a 1–5 Impact level from the number of areas impacted; cards display the label (Insignificant…Extreme).
4) Current Controls (select as applicable)
Select the controls that are in place.
5) Summary
Compute / Recompute
Print / Save PDF
Reset
Impacted areas selected:
Inherent: –
Residual: –
Band: –
6) Inherent Risks (STRIDE)
7) Residual Risks (STRIDE)
8) JSON payload (for future integration)
Show / hide JSON