Risk is Risk and Risk is Contextual
Risk Views are Not Always the Same
Risk is risk, no matter what type. Every organization has risks, and they are gauged differently per organization (as they should be). Solutions that try to 'Grade' 'RISKINESS' or 'BREACH SUSCEPTIBILITY' of an organization overly generalize and assume that everyone views risk the same way, which is NEVER the case.
Third Party Risk
Every organization views its risk posture and appetite differently, and even further, they view Third-Party risk differently depending on the criticality and services that Third-Party provides.
Grades are a Great Start
Using “Risk Rating” grades is a good start but should never be considered more than a hygiene check and a conversation starter.
Risks Beyond Technical
Risk is different for every organization and comes in many forms. NOT JUST TECHNICAL!