Chapter 3 — Risk & Vulnerability

• Threat vector map across people, systems, and third parties
• Likelihood-impact risk matrix
• Risk register design for mitigation planning
• Practice prompts to move from theory to operational controls