Risk Library
Clarion comes with a curated library of 110+ pre-built risks covering 17 security categories. Each risk includes a description, business impact, suggested scores, and recommended compliance control mappings — so you can get your risk registry up and running quickly.
Categories
The library covers these security domains:
| Category | Number of Risks |
|---|---|
| Access Control | 12 |
| Identity & Authentication | 10 |
| Network Security | 10 |
| System Controls | 10 |
| Cryptographic Controls | 8 |
| Data Protection | 8 |
| System Integration | 8 |
| Business Continuity | 6 |
| Audit & Logging | 6 |
| Policy Management | 6 |
| Security Assessment | 5 |
| Configuration Management | 5 |
| Personnel Security | 5 |
| Incident Response | 3 |
| Asset Management | 3 |
| System Development | 3 |
| Risk Assessment | 2 |
Adding Risks from the Library
Adding a Single Risk
- Go to Risk Management and click + Add Risk
- Select the From Library tab — you'll see all available risks as searchable cards
- Use the search bar to find risks by keyword (e.g., "ransomware", "phishing", "encryption")
- Use the category filter to narrow results by category
- Click a card to select it — the form fills in automatically with:
  - Title, description, and impact description
  - Category
  - Suggested likelihood and impact scores
  - Suggested treatment strategy
- Compliance controls are linked automatically with default reduction weights
- Review and adjust any fields, set an owner and due date, then click Create Risk
Bulk Import
You can import multiple risks from the library at once — each risk is created with all the pre-built details and compliance control links already in place.
First-Time Setup
When you're getting started, use bulk import to quickly populate your risk registry. Filter by category to focus on the areas most relevant to your organization.
What's Included in Each Library Risk
Every pre-built risk comes with:
| Field | What It Contains |
|---|---|
| Title | A clear, threat-based name for the risk |
| Description | A 2–3 sentence scenario explaining the threat |
| Impact Description | The business consequences if the risk materializes |
| Category | One of the 17 security categories |
| Suggested Likelihood | A recommended score (1–5) based on industry benchmarks |
| Suggested Impact | A recommended score (1–5) based on industry benchmarks |
| Suggested Treatment | A default strategy (usually Mitigate, Accept, or Transfer) |
| Linked Controls | Compliance controls that are automatically mapped when you create the risk |
Creating Custom Risks
Not every risk fits a template. Use the Custom tab to build a risk from scratch:
- Click + Add Risk and select the Custom tab
- Fill in all the fields manually — title, description, category, scores, etc.
- The risk starts in Identified status (since there are no pre-filled scores from the library)
- Open the risk detail page — the system will recommend relevant controls based on the category you chose
Smart Recommendations
When you create a custom risk, you don't need to know which controls to link. Clarion automatically suggests controls that match your risk's category. For example, an "Access Control" risk will show all available access-related controls. Just click + next to each one to add it.
How Risks and Controls Are Connected
Automatic Linking
- Library risks — Controls are linked automatically when you create a risk from the library. Each library risk comes with pre-mapped controls.
- Custom risks — The system recommends controls based on the risk category. You choose which ones to add with a single click.
From a Risk
On any risk's detail page, you'll see two sections:
Mapped Controls shows controls already linked to this risk:
- Each linked compliance control and its name
- Whether the control is currently passing, failing, or not yet tested
- The reduction weights (how much it reduces likelihood and impact)
- Whether the control is currently effective
Recommended Controls shows controls you might want to add:
- Based on the risk's category (e.g., "Access Control" risks see access-related controls)
- Excludes controls already linked to this risk
- Click + to add a control instantly with default reduction weights
From a Control
On any compliance control's detail page, the Linked Risks section shows you:
- All risks connected to this control
- Each risk's title, category, and inherent score
- A clickable link to jump to the risk detail page
This two-way view helps you answer an important question: "If this control fails, which risks are affected?"
