Cybersecurity Risk Register

Build a risk register for tracking and managing security risks

🧪 Tested by a human Intermediate 👤 Cybersecurity 👤 It Admin 👤 Manager
Create a cybersecurity risk register for [ORGANISATION/PROJECT]. Include columns: (1) Risk ID, (2) Risk description, (3) Category (technical, human, process), (4) Likelihood (1-5), (5) Impact (1-5), (6) Risk score, (7) Current controls, (8) Residual risk, (9) Treatment plan, (10) Owner, (11) Review date. Pre-populate with the top 10 common risks for [INDUSTRY].

Works on

⭐ M365 Copilot (Best) 🟢 ChatGPT 🟠 Claude

Copy & Open in

🟢 ChatGPT 🟠 Claude

Prompt is copied to your clipboard when you click

Tips for Best Results

  • Review the risk register monthly with the security team
  • Link risks to business impact in dollar terms for executive buy-in
  • Use red amber green for quick visual scanning

📎 More Prompts

Data Breach Notification Draft

●●●
Draft breach notification communications for a [BREACH TYPE — data leak / unauthorized access / ransomware] affecting [NUMBER] records. Create: (1) Internal notification to leadership (immediate), (2) Employee communication (within 24 hours), (3) Customer notification (compliant with [REGULATION — GDPR / Privacy Act / state law]), (4) Media statement (if needed). Each communication should be factual, empathetic, and include next steps.
⚡ M365 🟢 GPT ⭐ Claude

Incident Response Plan

●●●
Draft an incident response plan for [INCIDENT TYPE — ransomware / data breach / phishing compromise / account takeover]. Include: (1) Detection indicators, (2) Immediate containment steps, (3) Eradication procedures, (4) Recovery timeline, (5) Communication plan (internal and external), (6) Post-incident review process, (7) Roles and responsibilities matrix.
⚡ M365 🟢 GPT ⭐ Claude

MFA Rollout Communication Plan

●●
Create a communication plan for rolling out MFA to [NUMBER] users over [TIMEFRAME]. Include: (1) Executive announcement email, (2) Step-by-step setup guide for users, (3) FAQ addressing common concerns, (4) Support escalation path, (5) Timeline with pilot group and full rollout dates, (6) Follow-up email for non-compliant users. Tone: supportive, not threatening.
⭐ M365 🟢 GPT 🟠 Claude
💬