See risk clearly, act decisively

An eight-stage lifecycle engine that takes every risk from identification through quantitative assessment, structured treatment, and validated closure — with an immutable audit trail at every step.

[Figure: 5×5 risk heat map. Impact axis: Minimal, Minor, Moderate, Major, Severe. Likelihood axis: Rare, Unlikely, Possible, Likely, Certain. Levels: Low, Medium, High, Critical. Callouts: Critical 4, Mitigated 18.]

From identification through closure

Every risk follows the same structured path. No shortcuts, no silent approvals, no gaps in the record.

01 Open

A risk is identified and submitted with title, description, category, and context. The system assigns it to an assessor and the lifecycle begins.

  • Risk record
  • Assessor assignment
  • Initial context

Risk, measured and managed

Six integrated capabilities that replace ad-hoc risk tracking with a quantitative, auditable, workflow-driven risk register.

01 8-Stage Risk Lifecycle

Every risk follows a structured journey — Open, Assess, Investigate, Treat, Remediate, Validate, Close. Each stage has defined inputs, role-based gates, and an immutable event trail.

02 Quantitative Scoring

A 5×5 likelihood-by-impact matrix produces a 1–25 risk score that automatically classifies every risk as Low, Medium, High, or Critical. No subjective labels — just math.

03 Threat Intelligence Library

Built-in STRIDE categories, MITRE ATT&CK mapping, kill chain phases, and a custom threat builder. Link threats to risks and auto-suggest controls based on threat type.

04 Treatment Planning

Four strategies — Mitigate, Transfer, Accept, Avoid — each with documented rationale, timeline, cost analysis, and assessor approval before execution begins.

05 Control Mapping & Evidence

Apply security controls from NIST CSF, CIS, and ISO 27001 directly to risks. Track effectiveness (1–100%), implementation cost, and verification status per control.

06 Action Plans

Attach remediation plans with assignees, due dates, effort estimates, and cost tracking. Status flows from Pending through Completion — rolling up into risk treatment progress.

Portfolio at a glance

The 5×5 heat map plots every risk by likelihood and impact. Click any cell to drill into the risks it contains. Filter by category, owner, or treatment status to isolate what matters.

  • 25-cell matrix with risk count per cell and drill-down
  • Filter by level, category, assignee, treatment option, or date
  • Inherent vs. residual scoring for before-and-after clarity
  • Export the full risk register for board-level reporting

[Figure: sample risk dashboard with 5×5 heat map. Total Risks: 46; Critical: 4; High: 12; Overdue: 3; Mitigated: 18.]

Treatment breakdown

  • Mitigate (24)
  • Transfer (8)
  • Accept (10)
  • Avoid (4)
  • S: Spoofing (identity impersonation)
  • T: Tampering (data modification)
  • R: Repudiation (deniable actions)
  • I: Info Disclosure (data exposure)
  • D: Denial of Service (availability attack)
  • E: Elevation (privilege escalation)

Threats mapped, controls suggested

A built-in threat library powered by STRIDE and MITRE ATT&CK. Link threats to risks and the system recommends controls automatically — ranked by effectiveness and mapping type.

  • Six STRIDE categories with kill chain phase mapping
  • MITRE ATT&CK tactic and technique identifiers
  • Auto-suggest controls ranked by effectiveness (1–5)
  • Custom threat categories for organization-specific risks

Stop guessing at risk

See how Archaeon's risk engine replaces subjective assessments with quantitative scoring, structured treatment, and validated closure.