Hey Justin
The format should be pretty straightforward. The structure of the file:
rpos (Risk Position, used for creating the top 10 risk categories)
rdetail (The guts of the Risk entry within the register)
rimpact - This is the Risk Impact on a scale of 1 (little impact) to 5 (heavy impact)
rprob - This is Risk Probability or the likelihood of the risk occurring, again 1 to 5
rval - This is the Risk Value, a multiple of rimpact and rprob.
Below is a head of the log file. I tend to store this as a monitored file in /var/log/srisk.
1,"Legacy systems, unsupported software being highly vulnerable to attack",5,4,20
Hope that helps, enjoy the User Conference.
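
An added example, not part of the original post: a small validator for the five-field layout described above, checking the 1 to 5 ranges and that rval equals rimpact times rprob before the file is used. It assumes the file is headerless CSV as in the sample line; every row after the first is constructed for illustration, and `parse_register` is a hypothetical name.

```python
import csv
import io

FIELDS = ("rpos", "rdetail", "rimpact", "rprob", "rval")

# Sample input: row 1 is the line from the post, rows 2-4 are constructed.
SAMPLE = '''1,"Legacy systems, unsupported software being highly vulnerable to attack",5,4,20
2,"Constructed entry: shared admin accounts",4,3,12
3,"Constructed entry: score does not match",3,3,10
4,"Constructed entry: probability out of range",2,6,12
'''

def parse_register(text):
    """Return (entries, problems) for rpos,rdetail,rimpact,rprob,rval rows."""
    entries, problems = [], []
    # csv.reader honours the quotes, so commas inside rdetail stay in one field.
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row:
            continue  # skip blank lines
        if len(row) != len(FIELDS):
            problems.append((lineno, f"expected {len(FIELDS)} fields, got {len(row)}"))
            continue
        rec = dict(zip(FIELDS, row))
        try:
            for key in ("rpos", "rimpact", "rprob", "rval"):
                rec[key] = int(rec[key])
        except ValueError:
            problems.append((lineno, f"non-numeric value in {key}"))
            continue
        # rimpact and rprob are both on the 1 to 5 scale.
        bad = [k for k in ("rimpact", "rprob") if not 1 <= rec[k] <= 5]
        if bad:
            problems.append((lineno, f"{', '.join(bad)} outside 1-5"))
            continue
        # rval is the product of rimpact and rprob.
        if rec["rval"] != rec["rimpact"] * rec["rprob"]:
            problems.append((lineno, "rval is not rimpact * rprob"))
            continue
        entries.append(rec)
    return entries, problems

if __name__ == "__main__":
    good, bad = parse_register(SAMPLE)
    for rec in good:
        print(rec["rpos"], rec["rval"], rec["rdetail"])
    for lineno, reason in bad:
        print(f"line {lineno}: {reason}")
```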