Risk Exposure
A 0–100 number per tracked risk indicating residual likelihood × impact after current mitigations. Computed as 100 − Σ(subscore × mitigation weight) + offset, clamped to [0,100]. Bands: LOW (0–24), MEDIUM (25–49), HIGH (50–74), CRITICAL (75–100).
Where this term fits in a CISO program
Risk Exposure is one of 35 cybersecurity strategy concepts CISO Game models live. Risk Exposure appears throughout the simulation — in the risk register, the investment catalog, and the mechanics reference — so a player encounters the concept in context rather than as an isolated definition.
See it in play
The fastest way to internalize Risk Exposure is to watch it move during a 5-year program. Start a free CISO Game run to see how this concept interacts with budget, hiring, and incident response across 20 quarters of strategic play.
Related glossary terms
- Residual OffsetResidual offset is a constant added to a risk's exposure score that represents t…
- ResponseThe posture pillar that measures how decisively your team contains and remediate…
- Sector WireThe in-universe ticker showing fictional industry headlines that contextualize t…
- Senior AnalystA senior security team role required to operate enterprise-tier tools (Enterpris…