Risk matrices (heatmaps) are widely used for information and cyber risk management and decision-making, yet they are often too coarse for today's resilience-driven organizational and system landscapes. Likelihood and impact (the two dimensions represented in a heatmap) can vary with operational conditions, third-party dependencies, and the effectiveness of technical and organizational controls. At the same time, organizations cannot afford to analyze and operationalize every identified risk with equal depth using more sophisticated methods, telemetry, and real-time decision logic. We therefore propose a traceable triage pipeline that connects broad, context-sensitive screening with selective deep-dive analysis of material risks. The Hagenberg Risk Management Process presented in this paper integrates three steps: (i) context-aware prioritization using multidimensional polar heatmaps to compare risks across multiple operational states, (ii) Bowtie analysis for triaged risks to structure causes, consequences, and barriers, and (iii) an automated transformation of Bowties into directed acyclic graphs as the structural basis for Bayesian networks. A distinctive feature is the explicit representation of barriers as activation nodes in the resulting graph, making control points visible and preparing for later intervention and what-if analyses. The approach is demonstrated on an instant-payments gateway scenario in which a faulty production change under peak load leads to cascading degradation and transaction loss; DORA serves as the reference framework for resilience requirements. The result is an end-to-end, tool-supported workflow that improves transparency, auditability, and operational readiness from prioritization to monitoring-oriented models.
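As an added illustration of step (iii), and not the paper's own tooling, the following Python shows one way a Bowtie can be turned into a directed acyclic graph in which every barrier is its own activation node on the path it protects. The Bowtie contents, node names, and the threat → barrier → top event → barrier → consequence mapping are assumptions made for this example.

```python
from collections import defaultdict

# Constructed Bowtie for the instant-payments gateway scenario: threats on the
# left reach the top event through preventive barriers; recovery barriers sit
# between the top event and each consequence. Names are illustrative only.
BOWTIE = {
    "top_event": "gateway_degradation_under_peak_load",
    "threats": {
        "faulty_production_change": ["change_approval_gate", "canary_rollout"],
        "peak_load_spike": ["autoscaling_policy"],
    },
    "consequences": {
        "transaction_loss": ["automatic_rollback", "queue_replay"],
        "dora_incident_report_due": ["incident_classification_runbook"],
    },
}

def bowtie_to_dag(bowtie):
    """Return {node: [children]} where each barrier becomes an activation node
    placed on the path it protects (assumed mapping, not the paper's)."""
    edges = defaultdict(list)
    top = bowtie["top_event"]
    for threat, barriers in bowtie["threats"].items():
        prev = threat
        for barrier in barriers:          # threat -> barrier(s) -> top event
            edges[prev].append(barrier)
            prev = barrier
        edges[prev].append(top)
    for consequence, barriers in bowtie["consequences"].items():
        prev = top
        for barrier in barriers:          # top event -> barrier(s) -> consequence
            edges[prev].append(barrier)
            prev = barrier
        edges[prev].append(consequence)
    return dict(edges)

def is_acyclic(dag):
    """Kahn's algorithm: True iff every node can be topologically ordered,
    i.e. the graph is a valid structural basis for a Bayesian network."""
    nodes = set(dag) | {c for children in dag.values() for c in children}
    indeg = {n: 0 for n in nodes}
    for children in dag.values():
        for c in children:
            indeg[c] += 1
    queue = [n for n in nodes if indeg[n] == 0]
    ordered = 0
    while queue:
        n = queue.pop()
        ordered += 1
        for c in dag.get(n, []):          # leaves have no outgoing edges
            indeg[c] -= 1
            if indeg[c] == 0:
                queue.append(c)
    return ordered == len(nodes)

def barrier_nodes(bowtie):
    """All control points made explicit in the graph, for later what-if analysis."""
    groups = list(bowtie["threats"].values()) + list(bowtie["consequences"].values())
    return sorted({b for group in groups for b in group})
```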