We were getting consistent feedback that users wanted more flexibility to define the factors that contribute to the Impact scorings of their risks (ie. financial factors and schemes other than Confidentiality, Integrity, Availability). The prospect of adding some custom fields initially sounded straightforward but there were a number challenges.
The UI for defining risk maps was already complex and crowded, including interdependent components. The content of these custom factors depended on the number and name of the Impact values. And the agreed requirement was to allow up to ten of these factors to be added in a very tight space.
I mocked up some prototypes and tested internally and externally and modified the designs accordingly.
Prototype - creation phase ยป
