Automatically generates risk items from an R4SUB evidence table. Each failing or warning indicator becomes a potential risk, with probability and impact inferred from evidence severity.
Usage
evidence_to_risks(
  evidence,
  config = risk_config_default(),
  include_pass = FALSE
)
Arguments
- evidence
  A validated evidence data.frame (from r4subcore).
- config
  A risk_config from risk_config_default().
- include_pass
  Logical; if TRUE, passing indicators are also included as low-risk items. Default FALSE.
Value
A tibble suitable for create_risk_register().
Details
The mapping from evidence to risk uses:
- risk_id: derived from indicator_id + asset_id via r4subcore::hash_id()
- category: mapped from indicator_domain
- probability: mapped from evidence severity via config
- impact: mapped from evidence severity via config
- detectability: uses config$default_detectability
Multiple evidence rows for the same indicator + asset are aggregated: probability and impact use the maximum across rows.
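The mapping and aggregation rule above, as an added base R sketch that is not the package's own code. The result column, the severity labels, the scores in sketch_config and the function name sketch_evidence_to_risks are assumptions; a pasted key stands in for r4subcore::hash_id(), and only the default include_pass = FALSE path is shown.

```r
# Constructed sample evidence. `result` and the severity labels are assumed
# names; the other columns are the ones named in Details.
evidence <- data.frame(
  indicator_id     = c("IND-001", "IND-001", "IND-002", "IND-003"),
  asset_id         = c("ADSL", "ADSL", "ADAE", "ADSL"),
  indicator_domain = c("quality", "quality", "trace", "quality"),
  severity         = c("medium", "critical", "low", "high"),
  result           = c("warn", "fail", "fail", "pass"),
  stringsAsFactors = FALSE
)

# Hypothetical stand-in for the severity lookups held in the config object.
sketch_config <- list(
  probability = c(low = 1, medium = 2, high = 4, critical = 5),
  impact      = c(low = 1, medium = 3, high = 4, critical = 5),
  default_detectability = 3
)

sketch_evidence_to_risks <- function(evidence, config) {
  # Refuse severities the lookup does not cover instead of scoring them NA.
  unknown <- setdiff(evidence$severity, names(config$probability))
  if (length(unknown) > 0) {
    stop("unmapped severity: ", paste(unknown, collapse = ", "))
  }
  # Default behaviour: only failing or warning indicators become risks.
  evidence <- evidence[evidence$result != "pass", , drop = FALSE]
  if (nrow(evidence) == 0) {
    return(data.frame(indicator_id = character(0), asset_id = character(0),
                      indicator_domain = character(0), probability = numeric(0),
                      impact = numeric(0), risk_id = character(0),
                      detectability = numeric(0)))
  }
  evidence$probability <- unname(config$probability[evidence$severity])
  evidence$impact      <- unname(config$impact[evidence$severity])
  # One risk per indicator + asset: the worst row sets probability and impact.
  # Assumes indicator_domain is constant for a given indicator.
  risks <- aggregate(
    cbind(probability, impact) ~ indicator_id + asset_id + indicator_domain,
    data = evidence, FUN = max
  )
  # Plain pasted key in place of r4subcore::hash_id().
  risks$risk_id <- paste(risks$indicator_id, risks$asset_id, sep = "::")
  risks$detectability <- config$default_detectability
  risks
}

print(sketch_evidence_to_risks(evidence, sketch_config))
```

The two IND-001 rows for ADSL collapse into a single risk scored from the critical row, and the passing IND-003 row is dropped.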
Examples
if (FALSE) { # \dontrun{
risk_items <- evidence_to_risks(evidence)
rr <- create_risk_register(risk_items)
} # }