antifragile/antifragile-consulting/assessment-templates/antifragile-risk-register.md
Tomas Kracmar 763da003d3 Initial commit: antifragile cybersecurity consulting blueprint
Complete repository of frameworks, playbooks, and assessment resources
for cybersecurity consultations focused on antifragile enterprise design.

Includes:
- Core philosophy and manifest (5 pillars)
- 12 modular engagement packages
- AI sovereignty and operations frameworks
- Zero-budget vulnerability discovery and hardening playbooks
- M365 E3 hardening and antifragile project plans
- Osquery sovereign discovery platform blueprint
- Perimeter scanning capability guide
- AI-assisted TVM blueprint for AI-powered adversaries
- Vertical specializations: banking, telco, power/utilities
- CIS Controls v8 and NIST CSF 2.0 mappings
- Risk registers and assessment templates
- C-suite conversation guide and business case templates
2026-05-09 16:53:22 +02:00


# Antifragile Risk Register Template

> "Traditional risk registers count vulnerabilities. Antifragile risk registers map the kill chain, preserve optionality, and engineer convexity."

This template replaces conventional risk management with an antifragile approach. It is designed to identify not just what can go wrong, but how the organization benefits from addressing it—and what structural improvement emerges from each risk realization.


## The Antifragile Risk Dimensions

Traditional risk registers track Probability and Impact. We add five antifragile dimensions:

| Dimension | Traditional Equivalent | Antifragile Question |
|---|---|---|
| Kill Chain Position | Asset location | "If this risk materializes, what is the shortest path to organizational failure?" |
| Optionality Impact | N/A | "Does this risk, if unaddressed, remove our ability to change direction?" |
| Convexity | Risk score | "Is the payoff asymmetric—small investment to prevent, catastrophic cost if realized?" |
| Stress-to-Signal | Lessons learned | "If this risk materializes, what structural improvement must result?" |
| T0 Classification | Criticality | "Is this existential (T0), major (T1), significant (T2), or standard (T3)?" |

## Risk Register Template

### Metadata

- Organization: ________________________________
- Assessment Date: ________________________________
- Assessor: ________________________________
- Review Cadence: Monthly / Quarterly
- Next Review Date: ________________________________

### Risk Entries

| Field | Description | Example |
|---|---|---|
| Risk ID | Unique identifier (e.g., AF-2024-001) | AF-2024-001 |
| Risk Name | Short, specific description | Domain Admin Account Compromise |
| Description | Detailed scenario | A standing Domain Admin account is compromised via phishing, allowing the adversary to establish persistent access and exfiltrate data |
| Tier | T0 / T1 / T2 / T3 classification | T0 |
| Kill Chain Position | Shortest path to failure | Direct: compromised admin → full domain takeover → all systems compromised |
| Probability | Likelihood (1-5) | 4 (High: admin accounts are high-value phishing targets) |
| Impact | Consequence (1-5) | 5 (Existential: total organizational compromise) |
| Traditional Risk Score | P × I | 20 (Critical) |
| Optionality Impact | Does this remove strategic options? (0-5) | 5 (High: if AD is compromised, migration to cloud-native identity becomes impossible until recovery) |
| Convexity | Asymmetric payoff? (0-5) | 5 (Extreme: MFA deployment costs €0 (E3); domain compromise costs €500K+) |
| Current Control | What exists today? | Password policy; no MFA on admin accounts; no PIM |
| Antifragile Move | What structural change is required? | 1. Remove standing Domain Admin assignments; 2. Deploy PIM (or a manual JIT process); 3. Enforce MFA with hardware tokens; 4. Deploy PAWs for all admin activity |
| Owner | Who is accountable? | CISO |
| Target Date | When must this be addressed? | 14 days |
| Status | Open / In Progress / Closed / Accepted / Transferred | Open |
| Stress-to-Signal Mandate | If this risk materializes, what must change? | Post-incident: all admin activity permanently moved to PAWs; quarterly access reviews institutionalized; admin accounts reduced to the minimum viable count |
| Verification Method | How do we prove the fix works? | Monthly PIM audit; quarterly red team targeting admin credentials; Secure Score admin control metric |

## Risk Categories (Antifragile Taxonomy)

### Category 1: Sovereignty Risks

Risks related to loss of control over data, intelligence, or infrastructure.

| Risk | Kill Chain | Tier | Antifragile Move |
|---|---|---|---|
| Proprietary data trains competitor AI models | Data → cloud AI → model improvement → competitive erosion | T0 | Deploy local or Azure OpenAI with data protection guarantees; classify AI data flows |
| Cloud vendor changes terms or pricing | Terms change → operational disruption → forced migration under duress | T0 | Document exit architecture; maintain data portability; dual-vendor readiness |
| Vendor discontinues critical service | Service ends → workflow collapse → emergency procurement | T1 | Maintain abstraction layers; escrow agreements; 90-day exit plans |

### Category 2: Identity Risks

Risks related to authentication, authorization, and account lifecycle.

| Risk | Kill Chain | Tier | Antifragile Move |
|---|---|---|---|
| Standing privileged account compromise | Phish → admin account → lateral movement → domain takeover | T0 | Eliminate standing privileges; deploy PIM or manual JIT; PAWs |
| Orphaned account resurrection | Former employee account not disabled → credential sale → unauthorized access | T1 | Automated orphan detection; quarterly access reviews; offboarding workflow tied to HR |
| MFA bypass via legacy authentication | Legacy protocol → password spray → account access without MFA | T1 | Block legacy auth tenant-wide; monitor for legacy auth attempts |
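
The second half of the move in the last row, monitoring for legacy authentication attempts, can be checked mechanically from the sign-in log. What follows is an added example, not code from the original template or the repository. It assumes sign-in records exported in the shape of the Microsoft Graph `signIn` resource (fields `clientAppUsed`, `userPrincipalName`, `appDisplayName`, `ipAddress`, `status.errorCode`, `createdDateTime`), one JSON object per line; the records embedded in it are constructed. It flags the two conditions in the kill chain above: a successful sign-in over a legacy protocol, which by definition was never challenged for MFA, and one source IP failing with bad passwords against several accounts over legacy protocols, the password-spray pattern.

```python
"""Flag legacy-authentication sign-ins in Entra ID sign-in log records.

Added example, not part of the original template. Assumes records in the shape
of the Microsoft Graph `signIn` resource exported one JSON object per line; the
sample records below are constructed, not taken from a real tenant.
"""
from __future__ import annotations

import json
from collections import defaultdict

# clientAppUsed values for protocols that authenticate with a password alone and
# cannot be challenged for MFA. Anything else ("Browser", "Mobile Apps and
# Desktop clients") is modern authentication.
LEGACY_CLIENT_APPS = frozenset({
    "Authenticated SMTP", "Autodiscover", "Exchange ActiveSync",
    "Exchange Web Services", "IMAP4", "MAPI Over HTTP",
    "Offline Address Book", "POP3", "Other clients",
})

SUCCESS = 0           # status.errorCode of a successful sign-in
BAD_PASSWORD = 50126  # invalid username or password: the residue of a spray

# Constructed sample: one modern sign-in, one successful IMAP sign-in (MFA never
# applied), four failed ActiveSync attempts against different users from one IP
# (password spray), and one modern-auth failure from that IP that must not count.
SAMPLE_SIGNINS = """\
{"createdDateTime": "2026-05-09T06:01:12Z", "userPrincipalName": "alice@contoso.example", "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "Browser", "ipAddress": "192.0.2.14", "status": {"errorCode": 0}}
{"createdDateTime": "2026-05-09T06:02:40Z", "userPrincipalName": "bob@contoso.example", "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "IMAP4", "ipAddress": "203.0.113.10", "status": {"errorCode": 0}}
{"createdDateTime": "2026-05-09T06:03:01Z", "userPrincipalName": "carol@contoso.example", "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "Exchange ActiveSync", "ipAddress": "198.51.100.7", "status": {"errorCode": 50126}}
{"createdDateTime": "2026-05-09T06:03:02Z", "userPrincipalName": "dave@contoso.example", "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "Exchange ActiveSync", "ipAddress": "198.51.100.7", "status": {"errorCode": 50126}}
{"createdDateTime": "2026-05-09T06:03:03Z", "userPrincipalName": "erin@contoso.example", "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "Exchange ActiveSync", "ipAddress": "198.51.100.7", "status": {"errorCode": 50126}}
{"createdDateTime": "2026-05-09T06:03:04Z", "userPrincipalName": "Frank@contoso.example", "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "Exchange ActiveSync", "ipAddress": "198.51.100.7", "status": {"errorCode": 50126}}
{"createdDateTime": "2026-05-09T06:03:05Z", "userPrincipalName": "grace@contoso.example", "appDisplayName": "Office 365 Exchange Online", "clientAppUsed": "Mobile Apps and Desktop clients", "ipAddress": "198.51.100.7", "status": {"errorCode": 50126}}
"""


def parse_signins(text: str) -> list[dict]:
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_legacy(record: dict) -> bool:
    return record.get("clientAppUsed") in LEGACY_CLIENT_APPS


def error_code(record: dict) -> int | None:
    return (record.get("status") or {}).get("errorCode")


def mfa_bypassed(records: list[dict]) -> list[tuple[str, str, str]]:
    """Successful legacy sign-ins: the account got in on a password alone, so any
    MFA policy the tenant has was never applied. Each one needs a review."""
    return [
        (r["userPrincipalName"].lower(), r["clientAppUsed"], r["ipAddress"])
        for r in records
        if is_legacy(r) and error_code(r) == SUCCESS
    ]


def spray_sources(records: list[dict], min_distinct_users: int = 3) -> dict[str, list[str]]:
    """Source IPs with bad-password failures over legacy protocols against at least
    `min_distinct_users` accounts: the spray pattern legacy endpoints attract."""
    users_by_ip: dict[str, set[str]] = defaultdict(set)
    for r in records:
        if is_legacy(r) and error_code(r) == BAD_PASSWORD:
            users_by_ip[r["ipAddress"]].add(r["userPrincipalName"].lower())
    return {ip: sorted(users) for ip, users in users_by_ip.items()
            if len(users) >= min_distinct_users}


def legacy_auth_report(text: str) -> dict:
    records = parse_signins(text)
    return {
        "legacy_attempts": sum(1 for r in records if is_legacy(r)),
        "mfa_bypassed": mfa_bypassed(records),
        "spray_sources": spray_sources(records),
    }


if __name__ == "__main__":
    report = legacy_auth_report(SAMPLE_SIGNINS)
    print(f"legacy auth attempts: {report['legacy_attempts']}")
    for upn, proto, ip in report["mfa_bypassed"]:
        print(f"MFA bypassed: {upn} via {proto} from {ip}")
    for ip, users in report["spray_sources"].items():
        print(f"spray source {ip}: {len(users)} accounts targeted over legacy protocols")
```

Once legacy auth is blocked tenant-wide (the first half of the move), the first list should be empty by construction; keep the check running afterwards, because it is also how the register's Verification Method column gets its evidence that the block still holds.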

### Category 3: Resilience Risks

Risks related to the organization's ability to survive and recover from failure.

| Risk | Kill Chain | Tier | Antifragile Move |
|---|---|---|---|
| Backups unrecoverable | Ransomware → backup failure → data loss → business termination | T0 | Quarterly recovery drills; immutable backups; tested runbooks |
| Single point of failure in critical system | Component failure → cascade → service outage | T1 | Chaos engineering; redundancy; graceful degradation design |
| Untested disaster recovery plan | Incident → DR plan fails → extended outage → regulatory fine | T1 | Quarterly DR drills; documented and practiced runbooks; automated failover where possible |

### Category 4: Organizational Risks

Risks related to structure, culture, and process.

| Risk | Kill Chain | Tier | Antifragile Move |
|---|---|---|---|
| Security team as gatekeeper, not enabler | Security blocks releases → development bypasses controls → shadow IT proliferation | T1 | Embed security in teams; shared metrics; automated security gates in CI/CD |
| Knowledge concentrated in a single individual | Key person departure → operational paralysis → recovery delay | T1 | Cross-training; runbook documentation; bus factor > 1 for all critical functions |
| Incident findings not converted to structure | Incident occurs → post-mortem written → no changes made → repeat incident | T1 | Blameless post-mortems with structural mandates; mean-time-to-structural-fix metric |

### Category 5: AI-Specific Risks

Risks introduced by artificial intelligence adoption.

| Risk | Kill Chain | Tier | Antifragile Move |
|---|---|---|---|
| Prompt injection on business-critical AI workflow | Malicious input → AI generates harmful output → business decision based on bad data | T1 | Input validation; output filtering; human-in-the-loop for critical decisions |
| AI model poisoning via training data | Adversarial training data → model behaviour change → security control failure | T0 | Data provenance tracking; training data validation; model integrity monitoring |
| Shadow AI usage leaks crown jewels | Employee uses public AI → proprietary data exfiltrated → competitive disadvantage | T0 | Sanctioned AI alternative (Azure OpenAI bridge); DLP monitoring; user education |

## The Kill Chain Risk Register

For the highest-priority risks, map the full kill chain:

```text
RISK ID: ________________
RISK NAME: ________________

KILL CHAIN ANALYSIS:
Step 1 (Initial Access): ________________________________________________
Step 2 (Persistence): ________________________________________________
Step 3 (Privilege Escalation): ________________________________________________
Step 4 (Lateral Movement): ________________________________________________
Step 5 (Impact): ________________________________________________

SHORTEST PATH TO FAILURE: _____ steps
CRITICAL NODE (break the chain here): ___________________________________

ANTIFRAGILE MOVE AT CRITICAL NODE: _____________________________________
VERIFICATION: __________________________________________________________
```

## Scoring and Prioritization

### Traditional Score

Risk Score = Probability (1-5) × Impact (1-5)

| Score | Priority |
|---|---|
| 20-25 | P0 — Address within 14 days |
| 15-19 | P1 — Address within 30 days |
| 10-14 | P2 — Address within 90 days |
| 5-9 | P3 — Address within 180 days |
| 1-4 | P4 — Monitor and schedule |

### Antifragile Score (Supplemental)

Antifragile Priority = Traditional Score + Optionality Impact (0-5) + Convexity (0-5)

Risks that remove optionality or have extreme convexity receive elevated priority even if traditional probability is moderate.

| Antifragile Score | Interpretation |
|---|---|
| 30+ | Existential and optionality-destroying. Address immediately. |
| 25-29 | High risk with structural implications. Address within 30 days. |
| 20-24 | Significant risk. Address within the standard (traditional) timeline. |
| < 20 | Manage through existing controls. |
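
The two formulas and the two band tables above are small enough to implement, and doing so exposes how they interact. The following is an added example, not code from the original template or the repository: the thresholds are exactly those of the tables, the field names follow the register columns, and the register entries are constructed, with the first one reusing the numbers from the worked Domain Admin entry on this page (P=4, I=5, optionality 5, convexity 5). It computes both scores, the effective deadline, whether the supplement tightened that deadline, and the order in which a review should walk the register.

```python
"""Traditional (P x I) and antifragile scoring for register entries.

Added example, not part of the original template. Band thresholds are those of
the two tables above; the sample register is constructed, with the first entry
taking its numbers from the worked Domain Admin example on this page.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    risk_id: str
    name: str
    tier: str          # T0 (existential) .. T3 (standard)
    probability: int   # 1-5
    impact: int        # 1-5
    optionality: int   # 0-5: how much strategic flexibility the risk removes
    convexity: int     # 0-5: how asymmetric prevention cost vs. realised cost is

    def __post_init__(self) -> None:
        # Reject out-of-range inputs early; a silent 0 or 6 corrupts the ranking.
        if not (1 <= self.probability <= 5 and 1 <= self.impact <= 5):
            raise ValueError(f"{self.risk_id}: probability and impact must be 1-5")
        if not (0 <= self.optionality <= 5 and 0 <= self.convexity <= 5):
            raise ValueError(f"{self.risk_id}: optionality and convexity must be 0-5")
        if self.tier not in ("T0", "T1", "T2", "T3"):
            raise ValueError(f"{self.risk_id}: tier must be T0-T3")

    @property
    def traditional_score(self) -> int:
        return self.probability * self.impact

    @property
    def antifragile_score(self) -> int:
        return self.traditional_score + self.optionality + self.convexity


# (minimum score, priority, deadline in days); None = monitor and schedule.
TRADITIONAL_BANDS = ((20, "P0", 14), (15, "P1", 30), (10, "P2", 90), (5, "P3", 180), (1, "P4", None))

# (minimum antifragile score, deadline in days); None = keep the traditional deadline.
# 30+ immediately, 25-29 within 30 days, 20-24 standard timeline, below 20 existing controls.
ANTIFRAGILE_BANDS = ((30, 0), (25, 30), (20, None), (0, None))


def traditional_priority(score: int) -> tuple[str, int | None]:
    for floor, label, days in TRADITIONAL_BANDS:
        if score >= floor:
            return label, days
    raise ValueError(f"traditional score {score} is outside 1-25")


def deadline_days(risk: Risk) -> int | None:
    """Effective deadline: the tighter of the traditional and antifragile bands."""
    _, trad_days = traditional_priority(risk.traditional_score)
    af_days = next(days for floor, days in ANTIFRAGILE_BANDS if risk.antifragile_score >= floor)
    if af_days is None:
        return trad_days
    if trad_days is None:
        return af_days
    return min(trad_days, af_days)


def escalated(risk: Risk) -> bool:
    """True when the antifragile supplement shortens the deadline P x I alone set."""
    return deadline_days(risk) != traditional_priority(risk.traditional_score)[1]


def rank(register: list[Risk]) -> list[Risk]:
    """Walk order for the review: antifragile score, then traditional score, then
    tier (T0 before T1), highest priority first."""
    return sorted(register, key=lambda r: (r.antifragile_score, r.traditional_score, -int(r.tier[1])),
                  reverse=True)


# Constructed register entries (not from the page), chosen to exercise the bands.
SAMPLE_REGISTER = [
    Risk("AF-2024-001", "Domain Admin account compromise", "T0", 4, 5, 5, 5),          # 20 -> 30
    Risk("AF-2024-002", "Cloud vendor changes terms or pricing", "T0", 2, 4, 5, 4),     # 8 -> 17
    Risk("AF-2024-003", "Backups unrecoverable", "T0", 3, 5, 2, 5),                     # 15 -> 22
    Risk("AF-2024-004", "Knowledge concentrated in one individual", "T1", 3, 5, 0, 1),  # 15 -> 16
]


if __name__ == "__main__":
    print(f"{'ID':<12}{'Trad':>5}{'Prio':>6}{'AF':>4}{'Due':>9}  Escalated")
    for r in rank(SAMPLE_REGISTER):
        prio, _ = traditional_priority(r.traditional_score)
        due = deadline_days(r)
        due_text = "monitor" if due is None else ("now" if due == 0 else f"{due}d")
        print(f"{r.risk_id:<12}{r.traditional_score:>5}{prio:>6}{r.antifragile_score:>4}{due_text:>9}  {escalated(r)}")
```

Running it shows two things the tables do not make explicit. The supplement does reorder the register across bands: the constructed vendor-terms entry (traditional 8, P3) walks ahead of a P1 entry once optionality and convexity are counted, yet its deadline stays at 180 days because the "standard timeline" band defers to P × I. And because the two supplemental terms add at most 10, a traditional score below 15 can never reach 25, so the supplement shortens a deadline only for risks that are already P0 or P1. A team that wants the reordering to move deadlines as well has to decide that explicitly; the formula as written will not do it for them.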

## Review and Governance

### Monthly Tactical Review

- Open risks: status, blockers, escalation needs
- Closed risks: verification that controls are working
- New risks: emerging from incidents, changes, or threat intelligence

### Quarterly Strategic Review

- Risk trend: Are we reducing existential risks faster than new ones emerge?
- Kill chain coverage: Are there unprotected paths we have not mapped?
- Optionality audit: Have any changes reduced our strategic flexibility?
- Stress-to-signal conversion: How many incidents produced structural improvements?

### Annual Board Review

- Risk register summary: T0 risks, open vs. closed, trend
- Kill chain assurance: Independent validation of critical node protection
- Antifragile maturity: Mean time to structural fix, chaos experiment results, recovery drill outcomes

## Integration With Other Documents

| Document | Integration |
|---|---|
| T0 Asset Framework | T0 classification determines which risks are existential |
| Rapid Modernisation Plan | Phase priorities map directly to P0/P1/P2 risk closure |
| C-Suite Conversation Guide | Risk register produces the "cost of inaction" narrative |
| Business Case Template | Risk scores convert to expected financial loss |

For the M365-specific risk register, see M365 Project Risk Register.