Mission System
Move from concept to deliverable. Flagship missions now run as artifact studios with validation, rubric scoring, and interview-ready reflection instead of self-attested checklist progress.
WORKSPACE SNAPSHOT
MISSIONS
115
VISIBLE
115
VALIDATED
0
TOTAL XP
36,075
115 DELIVERABLE BUILDS READY
Mission Library
Active Mission
Risk ManagementBeginnerNot Started
Build a Risk Register from Scratch
Every GRC program starts with understanding risk. In this mission, you will build the foundational artifact that drives all compliance and security decisions. Auditors ask for this document first — and most organizations do it wrong.
MISSION STATE
Not Started
RUBRIC SCORE
0%
Categories
0
Rows
0
High Risks
0
Controls Linked
0
WHAT YOU SHOULD LEAVE WITH
This mission only counts as complete when the artifact is reviewable, scored, and defensible. The output should feel like work you could show in a portfolio, mock audit, or interview case discussion.
LEARNING OBJECTIVES
1
Translate a vague risk conversation into a repeatable register structure.
2
Score risks in a way another reviewer can challenge and understand.
3
Turn high exposure into treatment action with ownership and rationale.
Duration
45 min
Reward
150 XP
FRAMEWORKS IN PLAY
ISO 27001NIST CSFSOC 2
SKILLS PRACTICED
Risk identificationLikelihood & impact scoringRisk treatment planningInherent vs residual risk
Mission Studio
MISSION FLOW
Guided simulation
COMPLETION STANDARD
This mission passes only when the artifact clears validation and the rubric threshold. Reflection is the final step that upgrades the work to portfolio-ready.
STEP 1Risk Register Spreadsheet0% READY
Define taxonomy and scoring
Set the categories, scoring logic, and appetite language before you start filling rows.
COACH NOTE
Keep the register readable. If the risk taxonomy is too wide or the scoring model is vague, the rest of the artifact becomes impossible to trust.
MENTAL MODEL
A risk register is a prioritization tool
The register is not just an inventory of bad things. It is the working instrument that forces ownership, scoring discipline, and treatment choices to become visible.
JUDGMENT
Scoring only matters if the rationale is defensible
If two analysts cannot explain why a risk is 12 instead of 20, the register will not survive audit, leadership challenge, or remediation planning.
ARTIFACT SECTION
Risk taxonomy
Define the top-level risk categories and the risk statement pattern the register will follow.
Core risk categories
MINIMUM 4 ITEMS
START THE LIST
Add the first category to begin shaping the artifact.
Capture the minimum categories you need to run the program without drowning the register in taxonomy.
Risk statement format
MINIMUM 110 CHARACTERS
Document the sentence structure the team will use so risk rows read consistently.
ARTIFACT SECTION
Scoring and appetite
Explain how likelihood and impact are rated and where escalation happens.
Likelihood and impact scoring model
MINIMUM 150 CHARACTERS
Use concrete ranges or business triggers so another analyst could reuse the model.
Risk appetite and escalation note
MINIMUM 110 CHARACTERS
Describe what level of risk the organization will not leave unattended.
RUBRIC STATUS
0%
SCORE GATE
0/100
MINIMUM TO PASS
70%
REFLECTION
0/2
COMPLETION GATE
Pass requires every core validation plus at least 70% on the rubric. Portfolio-ready status also requires the reflection prompts to be completed.
VALIDATION CHECKS
Artifact readiness
Taxonomy is defined
0 categories captured
Scoring and appetite are documented
Add clearer scoring and appetite language
Starter register has enough complete rows
0/5 complete rows
High risks have named response paths
Add enough complete risk rows before treatment coverage can be assessed
Executive readout is ready
Leadership summary still needs more specificity
RUBRIC BREAKDOWN
How the work is judged
Register completeness
0/25
Scoring and treatment quality
0/25
Control and ownership linkage
0/20
Written rationale
0/15
Executive readiness
0/15
NEEDS ATTENTION
Top issues blocking completion
Taxonomy is defined
0 categories captured
Scoring and appetite are documented
Add clearer scoring and appetite language
Starter register has enough complete rows
0/5 complete rows
ARTIFACT OUTPUT
Exportable proof of work
WHAT EXPORT INCLUDES
The export packages mission metadata, your structured artifact, reflection answers, validations, and rubric snapshot into one markdown document that already reads like a deliverable review pack.
PREVIEW
# Build a Risk Register from Scratch - Mission ID: MSN-001 - Deliverable: Risk Register Spreadsheet - Status: Not Started - Score: 0% - Last Updated: Draft preview - Estimated Duration: 45 min - Frameworks: ISO 27001, NIST CSF, SOC 2 ## Mission Context Every GRC program starts with understanding risk. In this mission, you will build the foundational artifact that drives all compliance and security decisions. Auditors ask for this document first — and most organizations do it wrong. ## Learning Objectives - Translate a vague risk conversation into a repeatable register structure. - Score risks in a way another reviewer can challenge and understand. - Turn high exposure into treatment action with ownership and rationale. ## Artifact Output ### Risk taxonomy Define the top-level risk categories and the risk statement pattern the register will follow. #### Core risk categories _Not provided yet._ #### Risk statement format
File name: msn-001-risk-register-spreadsheet.md
Reset clears the working artifact for Build a Risk Register from Scratch and starts the studio from step one.