Apparatus and method for tying cyber-security risk analysis to common risk methodologies and risk levels

What is claimed is: 1 . A method comprising: identifying, by a risk manager system, a plurality of connected devices that are vulnerable to cyber-security risks; identifying, by the risk manager system, cyber-security risks in the connected devices; assigning, by the risk manager system, a risk level to each of the identified cyber-security risks; for each identified cyber-security risk, comparing by the risk manager system the assigned risk level to a first threshold and to a second threshold; based on the comparisons, assigning, by the risk manager system, each identified cyber-security risk to a risk classification; and displaying, by the risk manager system, a user interface that includes a notification according to the identified cyber-security risks and the corresponding assigned risk classifications. 2 . The method of claim 1 , wherein the first threshold is a risk appetite and the second threshold is a risk tolerance. 3 . The method of claim 1 , wherein the risk manager system also receives the first and second threshold from a user. 4 . The method of claim 1 , wherein the risk manager system assigns identified cyber-security risks with an assigned risk level that is less than both the first threshold and the second threshold to a low-priority classification or a notification classification. 5 . The method of claim 1 , wherein the risk manager system assigns identified cyber-security risks with an assigned risk level that is greater than or equal to the first threshold but is less than the second threshold to a warning classification. 6 . The method of claim 1 , wherein the risk manager system assigns identified cyber-security risks with an assigned risk level that is greater than or equal to both the first threshold and the second threshold to an alert classification. 7 . The method of claim 1 , wherein the risk manager system prompts a user for an action in response to displaying the notification. 8 . A risk manager system comprising: a controller; and a display, the risk manager system configured to identify a plurality of connected devices that are vulnerable to cyber-security risks; identify cyber-security risks in the connected devices; assign a risk level to each of the identified cyber-security risks; for each identified cyber-security risk, compare the assigned risk level to a first threshold and to a second threshold; based on the comparisons, assign each identified cyber-security risk to a risk classification by the risk manager system; and display a user interface that includes a notification according to the identified cyber-security risks and the corresponding assigned risk classifications. 9 . The risk manager system of claim 8 , wherein the first threshold is a risk appetite and the second threshold is a risk tolerance. 10 . The risk manager system of claim 8 , wherein the risk manager system also receives the first and second threshold from a user. 11 . The risk manager system of claim 8 , wherein the risk manager system assigns identified cyber-security risks with an assigned risk level that is less than both the first threshold and the second threshold to a low-priority classification or a notification classification. 12 . The risk manager system of claim 8 , wherein the risk manager system assigns identified cyber-security risks with an assigned risk level that is greater than or equal to the first threshold but is less than the second threshold to a warning classification. 13 . The risk manager system of claim 8 , wherein the risk manager system assigns identified cyber-security risks with an assigned risk level that is greater than or equal to both the first threshold and the second threshold to an alert classification. 14 . The risk manager system of claim 8 , wherein the risk manager system prompts a user for an action in response to displaying the notification. 15 . A non-transitory machine-readable medium encoded with executable instructions that, when executed, cause one or more processors of a risk manager system to: identify a plurality of connected devices that are vulnerable to cyber-security risks; identify cyber-security risks in the connected devices; assign a risk level to each of the identified cyber-security risks; for each identified cyber-security risk, compare the assigned risk level to a first threshold and to a second threshold; based on the comparisons, assign each identified cyber-security risk to a risk classification by the risk manager system; and display a user interface that includes a notification according to the identified cyber-security risks and the corresponding assigned risk classifications. 16 . The non-transitory machine-readable medium of claim 15 , wherein the first threshold is a risk appetite and the second threshold is a risk tolerance. 17 . The non-transitory machine-readable medium of claim 15 , wherein the risk manager system also receives the first and second threshold from a user. 18 . The non-transitory machine-readable medium of claim 15 , wherein the risk manager system assigns identified cyber-security risks with an assigned risk level that is less than both the first threshold and the second threshold to a low-priority classification or a notification classification. 19 . The non-transitory machine-readable medium of claim 15 , wherein the risk manager system assigns identified cyber-security risks with an assigned risk level that is greater than or equal to the first threshold but is less than the second threshold to a warning classification. 20 . The non-transitory machine-readable medium of claim 15 , wherein the risk manager system assigns identified cyber-security risks with an assigned risk level that is greater than or equal to both the first threshold and the second threshold to an alert classification.