senaduka/old-riskletpy
1
0
Fork 0
Code Issues 5 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Add risks

Browse Source
This commit is contained in:
Senad Uka
2025-02-07 13:22:17 +01:00
parent aab3dd19a8
commit 092a6bee6a
1 changed files with 120 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

120
risks.csv Normal file
View File

@@ -0,0 +1,120 @@
Risk ID,Category,Risk Name,Primary Impact,Secondary Impact,Tertiary Impact,Detection Difficulty,Recovery Complexity,Business Impact Severity
1,Staffing,Lack of Sufficient IT/Security Staffing,Delayed incident response,Security control degradation,Increased staff burnout,Low,High,High
2,Infrastructure,Single Points of Failure in Infrastructure,Service disruption,Business continuity impact,Recovery delays,Medium,High,Critical
3,Infrastructure,Aging Infrastructure Risks,System instability,Support limitations,Performance degradation,Medium,High,High
4,Systems,Legacy Operating Systems and Applications,Security vulnerabilities,Compatibility issues,Support limitations,Medium,High,High
5,Security,SSL Certificate Private Key Exposure,Data interception,Trust violation,Compliance breach,High,Medium,Critical
6,Security,DDoS Attack,Service unavailability,Revenue loss,Reputation damage,Low,Medium,High
7,Cloud,Misconfigured Cloud Services,Data exposure,Unauthorized access,Compliance violation,Medium,Medium,Critical
8,Data,Accidental Data Disclosure,Information leakage,Compliance violation,Reputation damage,Low,Medium,High
9,Source Code,Source Code Exposure,IP theft,Security vulnerability exposure,Competitive disadvantage,High,High,Critical
10,Endpoint,Unapproved Software Installation,Malware risk,System instability,Compliance violation,Medium,Low,Medium
11,Access,Insider Privilege Escalation,Unauthorized access,Data theft,System compromise,High,Medium,High
12,Malware,Commodity/Drive-by Malware,System infection,Data theft,Resource consumption,Low,Medium,Medium
13,Supply Chain,Third Party Code Compromise,System compromise,Data theft,Trust violation,High,High,Critical
14,Security,Developer Spear Phishing,Code base compromise,Product infection,Customer impact,High,High,Critical
15,Security,Back-office User Phishing,Credential theft,Financial fraud,System compromise,Medium,Medium,High
16,Physical,Unauthorized Physical Access,Asset theft,Data exposure,System compromise,Low,Medium,High
17,Endpoint,Developer Laptop Loss/Theft,Data exposure,Credential compromise,System access risk,Low,Medium,High
18,Malware,Ransomware Infection,Data encryption,Business disruption,Financial impact,Medium,High,Critical
19,Security,Web-facing Vulnerability Exploitation,System compromise,Data theft,Service disruption,Medium,High,High
20,Infrastructure,Cloud Provider Service Outage,Service disruption,Revenue loss,Customer impact,Low,High,Critical
21,Data,Database Corruption,Data integrity loss,Service disruption,Recovery effort,Medium,High,High
22,Backup,Misconfigured Backup Systems,Data loss risk,Recovery failure,Compliance impact,Medium,High,Critical
23,Network,Network Segmentation Failure,Security zone breach,Lateral movement risk,Compliance violation,High,Medium,High
24,API,API Gateway Compromise,Unauthorized access,Data exposure,Service manipulation,High,High,Critical
25,Access,Compromised Service Account,System access breach,Privilege escalation,Audit corruption,High,Medium,High
26,Identity,Failed Identity Provider,Authentication failure,Service disruption,Productivity loss,Low,High,Critical
27,Infrastructure,Expired Domain Controller Certificates,Authentication failure,Service disruption,Business impact,Low,Medium,High
28,Access,Privilege Creep,Excessive access,Compliance violation,Security risk,Medium,Medium,Medium
29,Security,Compromised Password Manager,Credential exposure,Multiple system risk,Extended compromise,High,High,Critical
30,DevOps,CI/CD Pipeline Compromise,Code integrity breach,Malicious deployment,Customer impact,High,High,Critical
31,Supply Chain,Dependency Supply Chain Attack,System compromise,Widespread impact,Detection evasion,High,High,Critical
32,Development,Development Environment Compromise,Source code theft,Build corruption,IP loss,High,High,Critical
33,Container,Container Image Compromise,Production infection,Lateral movement,Data theft,High,High,High
34,Source Code,Code Repository Breach,IP theft,Secret exposure,Development impact,High,High,Critical
35,Network,BGP Route Hijacking,Traffic redirection,Data interception,Service disruption,High,High,Critical
36,Network,VPN Concentrator Failure,Remote access loss,Security bypass risk,Productivity impact,Low,Medium,High
37,Network,DNS Cache Poisoning,Traffic misdirection,Data interception,Trust violation,High,Medium,High
38,Email,Email Gateway Failure,Communication disruption,Security exposure,Business impact,Low,Medium,High
39,Network,Wireless Network Compromise,Unauthorized access,Data interception,Network breach,Medium,Medium,High
40,Storage,Storage Array Failure,Data unavailability,Service disruption,Business impact,Low,High,Critical
41,Security,Encryption Key Loss,Data inaccessibility,Recovery impossibility,Business impact,Medium,High,Critical
42,Data,Data Classification Error,Inappropriate access,Compliance violation,Security exposure,Medium,Medium,High
43,Storage,Archive System Failure,Compliance violation,Legal impact,Data retention failure,Medium,High,High
44,Data,Unauthorized Data Transfer,Data leakage,Compliance violation,Regulatory impact,High,Medium,High
45,Change,Change Control Bypass,System instability,Security bypass,Audit violation,Medium,Medium,High
46,Configuration,CMDB Corruption,Asset tracking failure,Audit impact,Security planning,Medium,High,Medium
47,Automation,Automated Provisioning Failure,Resource allocation,Service delay,Security bypass,Medium,Medium,Medium
48,Security,Security Tool Misconfiguration,Detection failure,Alert flooding,Control effectiveness,Medium,Medium,High
49,Security,Policy Enforcement Point Failure,Control bypass,Compliance violation,Security gap,Medium,Medium,High
50,Vendor,Vendor Remote Access Compromise,Unauthorized access,System compromise,Trust violation,High,High,High
51,Cloud,Cloud Service Provider API Change,Integration failure,Service disruption,Development impact,Medium,Medium,High
52,Vendor,Managed Service Provider Breach,Multiple client impact,Data exposure,Trust violation,High,High,Critical
53,Supply Chain,Third Party Software Update Compromise,System infection,Trust violation,Wide impact,High,High,Critical
54,Vendor,Vendor Bankruptcy/Closure,Support loss,Security gap,Migration requirement,Low,High,High
55,Physical,Data Center Power Event,Service disruption,Hardware damage,Data corruption,Low,High,Critical
56,Physical,Natural Disaster Impact,Infrastructure damage,Service disruption,Business impact,Low,High,Critical
57,Physical,HVAC System Failure,Hardware risk,System instability,Performance impact,Low,Medium,High
58,Physical,Fire Suppression System Discharge,Hardware damage,Service disruption,Recovery effort,Low,High,Critical
59,Physical,Physical Security System Failure,Unauthorized access,Asset risk,Compliance violation,Medium,Medium,High
60,Compliance,Audit Finding Non-remediation,Regulatory penalty,Certification loss,Legal exposure,Medium,High,High
61,Compliance,Privacy Regulation Violation,Financial penalty,Reputation damage,Legal exposure,Medium,High,Critical
62,Compliance,Data Sovereignty Violation,Regulatory penalty,Legal exposure,Service restriction,Medium,High,High
63,Compliance,Export Control Violation,Legal penalty,Business restriction,Regulatory impact,Medium,High,High
64,Compliance,License Compliance Violation,Financial penalty,Legal exposure,Vendor impact,Medium,Medium,High
65,Emerging Tech,AI Model Poisoning,Decision corruption,Service degradation,Recovery effort,High,High,High
66,Emerging Tech,Quantum Computing Threat,Encryption risk,Authentication risk,Security model impact,High,High,Critical
67,IoT,IoT Device Compromise,Network breach,Data collection,Control system risk,High,Medium,High
68,Blockchain,Smart Contract Vulnerability,Financial loss,Transaction manipulation,System integrity,High,High,High
69,Network,5G Infrastructure Exploitation,Communication compromise,Data interception,Service disruption,High,High,High
70,Authentication,Password Hash Leak,Credential compromise,Multiple system risk,Extended exposure,High,High,Critical
71,Authentication,OAuth Token Exposure,API compromise,Service impersonation,Data breach,High,Medium,High
72,Authentication,Session Token Hijacking,Account takeover,Unauthorized access,Transaction fraud,High,Medium,High
73,Authentication,SAML Certificate Expiration,SSO failure,Service disruption,Business impact,Low,Medium,High
74,Identity,Directory Service Sync Failure,Account issues,Access control gap,User management,Medium,Medium,High
75,Cloud,Container Orchestration Platform Compromise,Workload manipulation,Resource theft,Multi-tenant impact,High,High,Critical
76,Cloud,Cloud Storage Bucket Enumeration,Data discovery,Privacy breach,Compliance violation,Medium,Medium,High
77,Cloud,Serverless Function Injection,Code execution,Resource theft,Service manipulation,High,High,High
78,Cloud,Cloud IAM Role Misconfiguration,Excessive permissions,Resource exposure,Privilege escalation,Medium,Medium,High
79,Network,Cloud Network ACL Bypass,Unauthorized access,Security breach,Data exposure,High,Medium,High
80,Security,SIEM System Failure,Alert loss,Detection gap,Compliance violation,Medium,High,Critical
81,Security,Log Aggregation System Overflow,Data loss,Detection gap,Compliance violation,Medium,Medium,High
82,Security,Security Tool Alert Fatigue,Missed detection,Response delay,Control effectiveness,Medium,Medium,High
83,Security,Monitoring System False Positives,Resource waste,Response delay,Detection accuracy,Medium,Low,Medium
84,Network,Network Sensor Blind Spots,Visibility gap,Detection evasion,Investigation limit,High,Medium,High
85,API,API Rate Limiting Bypass,Resource exhaustion,Service disruption,Cost impact,Medium,Low,Medium
86,API,GraphQL Query Depth Attack,Resource consumption,Service degradation,Performance impact,High,Medium,High
87,Web,Web Application Cache Poisoning,Content manipulation,User impact,Service integrity,High,Medium,High
88,Web,Client-Side Template Injection,Data theft,User manipulation,Content integrity,High,Medium,High
89,Web,Service Worker Hijacking,Traffic interception,Content manipulation,Credential theft,High,Medium,High
90,Database,Database Connection Pool Exhaustion,Service unavailability,Transaction failure,Performance impact,Medium,Medium,High
91,Database,Time-Series Database Overflow,Data loss,Analysis impact,Storage exhaustion,Medium,Medium,High
92,Database,Database Replication Lag,Data inconsistency,Read errors,Application impact,Medium,Medium,High
93,Database,NoSQL Injection,Data manipulation,Unauthorized access,Service disruption,High,High,High
94,Database,Database Schema Poisoning,Data integrity,Application errors,Service disruption,High,High,Critical
95,Network,SDN Controller Compromise,Network manipulation,Traffic redirection,Wide impact,High,High,Critical
96,Network,Load Balancer Configuration Drift,Service disruption,Performance impact,Availability issues,Medium,Medium,High
97,Network,Network Device Firmware Compromise,Traffic manipulation,Security bypass,Performance impact,High,High,Critical
98,Security,SSL/TLS Version Deprecation,Service incompatibility,Security weakness,Compliance violation,Low,Medium,High
99,Network,Network Time Protocol Attack,Time sync issue,Certificate validation,Authentication issue,High,Medium,High
100,DevOps,Infrastructure as Code Template Poisoning,Resource misconfig,Security bypass,Deployment pollution,High,High,Critical
101,Container,Container Base Image Compromise,Widespread infection,Build pollution,Development impact,High,High,Critical
102,DevOps,Artifact Repository Compromise,Build corruption,Deployment pollution,Development impact,High,High,Critical
103,DevOps,Development Tool Chain Breach,Code manipulation,Build corruption,Deployment risk,High,High,Critical
104,Configuration,Configuration Management Tool Compromise,System misconfig,Security bypass,Wide impact,High,High,Critical
105,Mobile,Mobile Device Management Bypass,Policy enforcement,Data protection,Compliance violation,Medium,Medium,High
106,Endpoint,Endpoint Protection Failure,Malware exposure,System compromise,Data theft,Medium,High,High
107,Mobile,BYOD Policy Violation,Data exposure,Network risk,Compliance violation,Medium,Medium,Medium
108,Remote Access,Remote Desktop Protocol Exposure,Unauthorized access,System compromise,Lateral movement,High,High,High
109,Endpoint,Local Administrator Rights Abuse,System compromise,Malware installation,Security bypass,Medium,Medium,High
110,Business,Automated Payment System Compromise,Financial loss,Transaction fraud,Business impact,High,High,Critical
111,Business,Business Email Compromise,Financial fraud,Data theft,Relationship damage,High,High,Critical
112,Document,Document Management System Breach,Information disclosure,IP theft,Compliance violation,High,High,High
113,Business,Customer Support System Compromise,Data exposure,Service manipulation,Trust violation,High,High,High
114,HR,HR System Data Breach,Personal data exposure,Legal liability,Employee trust,High,High,Critical
115,AI,Machine Learning Model Extraction,IP theft,Competitive loss,Service replication,High,High,High
116,AI,Deep Fake Authentication Bypass,Identity fraud,Access control bypass,Trust violation,High,High,High
117,Edge Computing,Edge Computing Node Compromise,Data exposure,Service manipulation,Network breach,High,High,High
118,IoT,Digital Twin Manipulation,Decision impact,Operational disruption,Safety risk,High,High,High
119,Security,Zero-Trust Architecture Bypass,Security model failure,Access control bypass,Trust violation,High,High,Critical
1 Risk ID Category Risk Name Primary Impact Secondary Impact Tertiary Impact Detection Difficulty Recovery Complexity Business Impact Severity
2 1 Staffing Lack of Sufficient IT/Security Staffing Delayed incident response Security control degradation Increased staff burnout Low High High
3 2 Infrastructure Single Points of Failure in Infrastructure Service disruption Business continuity impact Recovery delays Medium High Critical
4 3 Infrastructure Aging Infrastructure Risks System instability Support limitations Performance degradation Medium High High
5 4 Systems Legacy Operating Systems and Applications Security vulnerabilities Compatibility issues Support limitations Medium High High
6 5 Security SSL Certificate Private Key Exposure Data interception Trust violation Compliance breach High Medium Critical
7 6 Security DDoS Attack Service unavailability Revenue loss Reputation damage Low Medium High
8 7 Cloud Misconfigured Cloud Services Data exposure Unauthorized access Compliance violation Medium Medium Critical
9 8 Data Accidental Data Disclosure Information leakage Compliance violation Reputation damage Low Medium High
10 9 Source Code Source Code Exposure IP theft Security vulnerability exposure Competitive disadvantage High High Critical
11 10 Endpoint Unapproved Software Installation Malware risk System instability Compliance violation Medium Low Medium
12 11 Access Insider Privilege Escalation Unauthorized access Data theft System compromise High Medium High
13 12 Malware Commodity/Drive-by Malware System infection Data theft Resource consumption Low Medium Medium
14 13 Supply Chain Third Party Code Compromise System compromise Data theft Trust violation High High Critical
15 14 Security Developer Spear Phishing Code base compromise Product infection Customer impact High High Critical
16 15 Security Back-office User Phishing Credential theft Financial fraud System compromise Medium Medium High
17 16 Physical Unauthorized Physical Access Asset theft Data exposure System compromise Low Medium High
18 17 Endpoint Developer Laptop Loss/Theft Data exposure Credential compromise System access risk Low Medium High
19 18 Malware Ransomware Infection Data encryption Business disruption Financial impact Medium High Critical
20 19 Security Web-facing Vulnerability Exploitation System compromise Data theft Service disruption Medium High High
21 20 Infrastructure Cloud Provider Service Outage Service disruption Revenue loss Customer impact Low High Critical
22 21 Data Database Corruption Data integrity loss Service disruption Recovery effort Medium High High
23 22 Backup Misconfigured Backup Systems Data loss risk Recovery failure Compliance impact Medium High Critical
24 23 Network Network Segmentation Failure Security zone breach Lateral movement risk Compliance violation High Medium High
25 24 API API Gateway Compromise Unauthorized access Data exposure Service manipulation High High Critical
26 25 Access Compromised Service Account System access breach Privilege escalation Audit corruption High Medium High
27 26 Identity Failed Identity Provider Authentication failure Service disruption Productivity loss Low High Critical
28 27 Infrastructure Expired Domain Controller Certificates Authentication failure Service disruption Business impact Low Medium High
29 28 Access Privilege Creep Excessive access Compliance violation Security risk Medium Medium Medium
30 29 Security Compromised Password Manager Credential exposure Multiple system risk Extended compromise High High Critical
31 30 DevOps CI/CD Pipeline Compromise Code integrity breach Malicious deployment Customer impact High High Critical
32 31 Supply Chain Dependency Supply Chain Attack System compromise Widespread impact Detection evasion High High Critical
33 32 Development Development Environment Compromise Source code theft Build corruption IP loss High High Critical
34 33 Container Container Image Compromise Production infection Lateral movement Data theft High High High
35 34 Source Code Code Repository Breach IP theft Secret exposure Development impact High High Critical
36 35 Network BGP Route Hijacking Traffic redirection Data interception Service disruption High High Critical
37 36 Network VPN Concentrator Failure Remote access loss Security bypass risk Productivity impact Low Medium High
38 37 Network DNS Cache Poisoning Traffic misdirection Data interception Trust violation High Medium High
39 38 Email Email Gateway Failure Communication disruption Security exposure Business impact Low Medium High
40 39 Network Wireless Network Compromise Unauthorized access Data interception Network breach Medium Medium High
41 40 Storage Storage Array Failure Data unavailability Service disruption Business impact Low High Critical
42 41 Security Encryption Key Loss Data inaccessibility Recovery impossibility Business impact Medium High Critical
43 42 Data Data Classification Error Inappropriate access Compliance violation Security exposure Medium Medium High
44 43 Storage Archive System Failure Compliance violation Legal impact Data retention failure Medium High High
45 44 Data Unauthorized Data Transfer Data leakage Compliance violation Regulatory impact High Medium High
46 45 Change Change Control Bypass System instability Security bypass Audit violation Medium Medium High
47 46 Configuration CMDB Corruption Asset tracking failure Audit impact Security planning Medium High Medium
48 47 Automation Automated Provisioning Failure Resource allocation Service delay Security bypass Medium Medium Medium
49 48 Security Security Tool Misconfiguration Detection failure Alert flooding Control effectiveness Medium Medium High
50 49 Security Policy Enforcement Point Failure Control bypass Compliance violation Security gap Medium Medium High
51 50 Vendor Vendor Remote Access Compromise Unauthorized access System compromise Trust violation High High High
52 51 Cloud Cloud Service Provider API Change Integration failure Service disruption Development impact Medium Medium High
53 52 Vendor Managed Service Provider Breach Multiple client impact Data exposure Trust violation High High Critical
54 53 Supply Chain Third Party Software Update Compromise System infection Trust violation Wide impact High High Critical
55 54 Vendor Vendor Bankruptcy/Closure Support loss Security gap Migration requirement Low High High
56 55 Physical Data Center Power Event Service disruption Hardware damage Data corruption Low High Critical
57 56 Physical Natural Disaster Impact Infrastructure damage Service disruption Business impact Low High Critical
58 57 Physical HVAC System Failure Hardware risk System instability Performance impact Low Medium High
59 58 Physical Fire Suppression System Discharge Hardware damage Service disruption Recovery effort Low High Critical
60 59 Physical Physical Security System Failure Unauthorized access Asset risk Compliance violation Medium Medium High
61 60 Compliance Audit Finding Non-remediation Regulatory penalty Certification loss Legal exposure Medium High High
62 61 Compliance Privacy Regulation Violation Financial penalty Reputation damage Legal exposure Medium High Critical
63 62 Compliance Data Sovereignty Violation Regulatory penalty Legal exposure Service restriction Medium High High
64 63 Compliance Export Control Violation Legal penalty Business restriction Regulatory impact Medium High High
65 64 Compliance License Compliance Violation Financial penalty Legal exposure Vendor impact Medium Medium High
66 65 Emerging Tech AI Model Poisoning Decision corruption Service degradation Recovery effort High High High
67 66 Emerging Tech Quantum Computing Threat Encryption risk Authentication risk Security model impact High High Critical
68 67 IoT IoT Device Compromise Network breach Data collection Control system risk High Medium High
69 68 Blockchain Smart Contract Vulnerability Financial loss Transaction manipulation System integrity High High High
70 69 Network 5G Infrastructure Exploitation Communication compromise Data interception Service disruption High High High
71 70 Authentication Password Hash Leak Credential compromise Multiple system risk Extended exposure High High Critical
72 71 Authentication OAuth Token Exposure API compromise Service impersonation Data breach High Medium High
73 72 Authentication Session Token Hijacking Account takeover Unauthorized access Transaction fraud High Medium High
74 73 Authentication SAML Certificate Expiration SSO failure Service disruption Business impact Low Medium High
75 74 Identity Directory Service Sync Failure Account issues Access control gap User management Medium Medium High
76 75 Cloud Container Orchestration Platform Compromise Workload manipulation Resource theft Multi-tenant impact High High Critical
77 76 Cloud Cloud Storage Bucket Enumeration Data discovery Privacy breach Compliance violation Medium Medium High
78 77 Cloud Serverless Function Injection Code execution Resource theft Service manipulation High High High
79 78 Cloud Cloud IAM Role Misconfiguration Excessive permissions Resource exposure Privilege escalation Medium Medium High
80 79 Network Cloud Network ACL Bypass Unauthorized access Security breach Data exposure High Medium High
81 80 Security SIEM System Failure Alert loss Detection gap Compliance violation Medium High Critical
82 81 Security Log Aggregation System Overflow Data loss Detection gap Compliance violation Medium Medium High
83 82 Security Security Tool Alert Fatigue Missed detection Response delay Control effectiveness Medium Medium High
84 83 Security Monitoring System False Positives Resource waste Response delay Detection accuracy Medium Low Medium
85 84 Network Network Sensor Blind Spots Visibility gap Detection evasion Investigation limit High Medium High
86 85 API API Rate Limiting Bypass Resource exhaustion Service disruption Cost impact Medium Low Medium
87 86 API GraphQL Query Depth Attack Resource consumption Service degradation Performance impact High Medium High
88 87 Web Web Application Cache Poisoning Content manipulation User impact Service integrity High Medium High
89 88 Web Client-Side Template Injection Data theft User manipulation Content integrity High Medium High
90 89 Web Service Worker Hijacking Traffic interception Content manipulation Credential theft High Medium High
91 90 Database Database Connection Pool Exhaustion Service unavailability Transaction failure Performance impact Medium Medium High
92 91 Database Time-Series Database Overflow Data loss Analysis impact Storage exhaustion Medium Medium High
93 92 Database Database Replication Lag Data inconsistency Read errors Application impact Medium Medium High
94 93 Database NoSQL Injection Data manipulation Unauthorized access Service disruption High High High
95 94 Database Database Schema Poisoning Data integrity Application errors Service disruption High High Critical
96 95 Network SDN Controller Compromise Network manipulation Traffic redirection Wide impact High High Critical
97 96 Network Load Balancer Configuration Drift Service disruption Performance impact Availability issues Medium Medium High
98 97 Network Network Device Firmware Compromise Traffic manipulation Security bypass Performance impact High High Critical
99 98 Security SSL/TLS Version Deprecation Service incompatibility Security weakness Compliance violation Low Medium High
100 99 Network Network Time Protocol Attack Time sync issue Certificate validation Authentication issue High Medium High
101 100 DevOps Infrastructure as Code Template Poisoning Resource misconfig Security bypass Deployment pollution High High Critical
102 101 Container Container Base Image Compromise Widespread infection Build pollution Development impact High High Critical
103 102 DevOps Artifact Repository Compromise Build corruption Deployment pollution Development impact High High Critical
104 103 DevOps Development Tool Chain Breach Code manipulation Build corruption Deployment risk High High Critical
105 104 Configuration Configuration Management Tool Compromise System misconfig Security bypass Wide impact High High Critical
106 105 Mobile Mobile Device Management Bypass Policy enforcement Data protection Compliance violation Medium Medium High
107 106 Endpoint Endpoint Protection Failure Malware exposure System compromise Data theft Medium High High
108 107 Mobile BYOD Policy Violation Data exposure Network risk Compliance violation Medium Medium Medium
109 108 Remote Access Remote Desktop Protocol Exposure Unauthorized access System compromise Lateral movement High High High
110 109 Endpoint Local Administrator Rights Abuse System compromise Malware installation Security bypass Medium Medium High
111 110 Business Automated Payment System Compromise Financial loss Transaction fraud Business impact High High Critical
112 111 Business Business Email Compromise Financial fraud Data theft Relationship damage High High Critical
113 112 Document Document Management System Breach Information disclosure IP theft Compliance violation High High High
114 113 Business Customer Support System Compromise Data exposure Service manipulation Trust violation High High High
115 114 HR HR System Data Breach Personal data exposure Legal liability Employee trust High High Critical
116 115 AI Machine Learning Model Extraction IP theft Competitive loss Service replication High High High
117 116 AI Deep Fake Authentication Bypass Identity fraud Access control bypass Trust violation High High High
118 117 Edge Computing Edge Computing Node Compromise Data exposure Service manipulation Network breach High High High
119 118 IoT Digital Twin Manipulation Decision impact Operational disruption Safety risk High High High
120 119 Security Zero-Trust Architecture Bypass Security model failure Access control bypass Trust violation High High Critical