The risk matrix (5x5) is a widely used risk-analysis tool. One axis represents likelihood (e.g. from very low to very high), the other represents impact. Each combination yields a risk level, typically colour-coded. The matrix makes risk distribution visible at a glance and supports communication with senior management. In an ISMS under ISO 27001, the risk matrix forms the basis for risk evaluation. You should define the scales clearly so that different assessors arrive at consistent results.