Aviation Cybersecurity Risk Assessment Tool

📊 Inherent Risk Distribution

Before treatment

🛡️ Residual Risk Distribution

After treatment

🏷️ Risk Status

🎯 Inherent Risk Matrix

Before treatment — Likelihood × Impact

← Impact (vertical) / Likelihood (horizontal) →

Critical (17–25)

High (10–16)

Medium (5–9)

Low (1–4)

🛡️ Residual Risk Matrix

After treatment — Residual Likelihood × Residual Impact

← Impact (vertical) / Likelihood (horizontal) →

Critical (17–25)

High (10–16)

Medium (5–9)

Low (1–4)

⚠️ Top Risks by Score

Risk ID	Title	Asset	Inherent	Level	Residual	Residual Level	Status

🏢 Organisation Details

Assessment ID *

Organisation Name

Organisation Type

Location / Regulatory Context

Assessment Date

Assessor Name / Team

🔍 Scope, Assumptions & Limitations

Scope (systems, processes, and locations included in this assessment)

Assumptions

Limitations

Risk Appetite Statement (Describe your organization's risk tolerance strategy)

Acceptable Residual Risk Threshold

Any risk with a residual score above this threshold will be flagged on the dashboard.

📜 Standards, References & Validation

Applicable Standards / References

Notes Requiring Validation (by competent authority or internal safety/security departments)

⚖️ Regulatory Disclaimer: Regulatory applicability must be validated against the organisation's jurisdiction, approval basis, competent authority requirements, and internal safety/security governance.

📋 System Register

#	Asset / System	Process	Safety	Security	Actions

📋 Risk Register

Risk ID	Title	Linked Asset	Threat Source	Status	Actions

Select Risk to Score

📐

Scoring Scale

1 = Very Low / Negligible | 2 = Low | 3 = Medium | 4 = High | 5 = Critical / Catastrophic

📊 Inherent Risk Scoring

Likelihood Very Low

🛡️ Safety Impact Very Low

🔒 Security Impact Very Low

⚙️ Operational Impact Very Low

🏢 Business Continuity Very Low

💰 Financial Impact Very Low

⚖️ Legal / Regulatory Very Low

📣 Reputational Impact Very Low

🗄️ Data CIA Impact Very Low

🧮 Computed — Inherent Risk

Overall Impact (highest) —

Inherent Risk Score —

Inherent Risk Level —

Inherent Risk = Likelihood × Overall Impact. Level: 1–4 = Low | 5–9 = Medium | 10–16 = High | 17–25 = Critical

Select Risk

ℹ️ Inherent Risk Reference

Inherent Likelihood

—

Inherent Impact

—

Inherent Risk Score

—

Inherent Risk Level

—

This is the calculated baseline risk (before treatment). Use this as your starting point for determining mitigations.

🛡️ Treatment Plan

Risk Treatment Option

Treatment Owner (Action Owner)

Target Date

Status

Review Date

Mitigations / Security Requirements * (Type and press Enter, or select from library)

Action Plan & Comments

🛡️ Residual Risk Scoring (post-control)

📐

Methodology Note

Score the expected likelihood and impact after the mitigations above have been successfully implemented.

Residual Likelihood Very Low

🛡️ Safety Impact Very Low

🔒 Security Impact Very Low

⚙️ Operational Impact Very Low

🏢 Business Continuity Very Low

💰 Financial Impact Very Low

⚖️ Legal / Regulatory Very Low

📣 Reputational Impact Very Low

🗄️ Data CIA Impact Very Low

Residual Risk Score —

Residual Risk Level —

💡

Using the Scenario Library

Click Use This Scenario to create a new risk pre-filled with the scenario data. All fields remain fully editable — these are starting points, not fixed templates.

Risk Assessment Dashboard

Assessment Information

Step 2: Operational Functions & Systems

Risk Scenario Form

Risk Scoring

Risk Treatment

Aviation Cyber Risk Scenario Library