A risk scenario describes a specific combination of asset, threat, and vulnerability. Example: “Customer database (asset) is compromised by an external attacker (threat) via SQL injection (vulnerability).” Risk scenarios make abstract risks tangible and assessable. For each scenario you estimate likelihood and impact. In the ISMS wizard, Cenedril generates risk scenarios automatically from the previously selected assets, threats, and vulnerabilities. This saves significant effort and ensures completeness.