A risk register is a document that records and tracks the information about the risks that may affect the organization’s objectives, such as the risk description, category, source, cause, impact, probability, status, owner, response, etc.
When updating the risk register after a risk assessment, the most important information to include is the likelihood and impact of the risk scenario. This means that the risk registershouldreflect the current or updated estimates of the probability and consequence of the risk scenario, based on the risk analysis and evaluation methods and criteria.
The likelihood and impact of the risk scenario helps to determine the risk level and priority, select the most appropriate risk response, allocate the resources and budget for risk management, and monitor and report the risk performance and outcomes.
The other options are not the most important information to include when updating the risk register after a risk assessment. They are either secondary or not essential for risk management.
The references for this answer are:
Risk IT Framework, page 29
Information Technology & Security, page 23
Risk Scenarios Starter Pack, page 21
Submit