Which term describes the repository containing key attributes of IT risks such as name, description, owner, expected/actual frequency, potential/actual magnitude, and disposition?

The IT risk register is the centralized repository for IT risk data. It is a structured store that captures each identified risk with attributes such as name, description, owner, expected and actual frequency, potential and actual magnitude, and disposition. This format supports ongoing monitoring, accountability, and reporting by making it easy to track how risks change over time, who is responsible, what treatments are planned or in place, and the current risk level. The other terms describe different concepts: a risk aggregated is just a collection or summary of risks, not the data store; quantitative risk analysis refers to a method for calculating numeric risk values; and a risk map is a visual representation of risk levels, not the data repository.