From 8bb97412e832881198da3c23777d445ef14e9b3d Mon Sep 17 00:00:00 2001 From: Amir Date: Mon, 10 Feb 2025 09:25:39 +0100 Subject: [PATCH 1/3] Admin register for Risk --- backend/core/admin.py | 8 ++- test.cvs | 120 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 127 insertions(+), 1 deletion(-) create mode 100644 test.cvs diff --git a/backend/core/admin.py b/backend/core/admin.py index 365be69..50dc76d 100644 --- a/backend/core/admin.py +++ b/backend/core/admin.py @@ -1,5 +1,5 @@ from django.contrib import admin -from .models import Document, DocumentSegment, Organization +from .models import Document, DocumentSegment, Organization, Risk class DocumentSegmentInline(admin.StackedInline): model = DocumentSegment @@ -17,5 +17,11 @@ class OrganizationAdmin(admin.ModelAdmin): list_display = ('name', 'email', 'industry_sector') search_fields = ['name', 'email'] +class RiskAdmin(admin.ModelAdmin): + ordering = ['risk_id'] + list_display = ['risk_id','risk_name','category'] + + admin.site.register(Document, DocumentAdmin) admin.site.register(Organization, OrganizationAdmin) +admin.site.register(Risk ,RiskAdmin) diff --git a/test.cvs b/test.cvs new file mode 100644 index 0000000..1106810 --- /dev/null +++ b/test.cvs 
@@ -0,0 +1,120 @@ +Risk ID,Category,Risk Name,Primary Impact,Secondary Impact,Tertiary Impact,Detection Difficulty,Recovery Complexity,Business Impact Severity +1,Staffing,Lack of Sufficient IT/Security Staffing,Delayed incident response,Security control degradation,Increased staff burnout,Low,High,High +2,Infrastructure,Single Points of Failure in Infrastructure,Service disruption,Business continuity impact,Recovery delays,Medium,High,Critical +3,Infrastructure,Aging Infrastructure Risks,System instability,Support limitations,Performance degradation,Medium,High,High +4,Systems,Legacy Operating Systems and Applications,Security vulnerabilities,Compatibility issues,Support limitations,Medium,High,High +5,Security,SSL Certificate Private Key Exposure,Data interception,Trust violation,Compliance breach,High,Medium,Critical +6,Security,DDoS Attack,Service unavailability,Revenue loss,Reputation damage,Low,Medium,High +7,Cloud,Misconfigured Cloud Services,Data exposure,Unauthorized access,Compliance violation,Medium,Medium,Critical +8,Data,Accidental Data Disclosure,Information leakage,Compliance violation,Reputation damage,Low,Medium,High +9,Source Code,Source Code Exposure,IP theft,Security vulnerability exposure,Competitive disadvantage,High,High,Critical +10,Endpoint,Unapproved Software Installation,Malware risk,System instability,Compliance violation,Medium,Low,Medium +11,Access,Insider Privilege Escalation,Unauthorized access,Data theft,System compromise,High,Medium,High +12,Malware,Commodity/Drive-by Malware,System infection,Data theft,Resource consumption,Low,Medium,Medium +13,Supply Chain,Third Party Code Compromise,System compromise,Data theft,Trust violation,High,High,Critical +14,Security,Developer Spear Phishing,Code base compromise,Product infection,Customer impact,High,High,Critical +15,Security,Back-office User Phishing,Credential theft,Financial fraud,System compromise,Medium,Medium,High +16,Physical,Unauthorized Physical Access,Asset theft,Data 
exposure,System compromise,Low,Medium,High +17,Endpoint,Developer Laptop Loss/Theft,Data exposure,Credential compromise,System access risk,Low,Medium,High +18,Malware,Ransomware Infection,Data encryption,Business disruption,Financial impact,Medium,High,Critical +19,Security,Web-facing Vulnerability Exploitation,System compromise,Data theft,Service disruption,Medium,High,High +20,Infrastructure,Cloud Provider Service Outage,Service disruption,Revenue loss,Customer impact,Low,High,Critical +21,Data,Database Corruption,Data integrity loss,Service disruption,Recovery effort,Medium,High,High +22,Backup,Misconfigured Backup Systems,Data loss risk,Recovery failure,Compliance impact,Medium,High,Critical +23,Network,Network Segmentation Failure,Security zone breach,Lateral movement risk,Compliance violation,High,Medium,High +24,API,API Gateway Compromise,Unauthorized access,Data exposure,Service manipulation,High,High,Critical +25,Access,Compromised Service Account,System access breach,Privilege escalation,Audit corruption,High,Medium,High +26,Identity,Failed Identity Provider,Authentication failure,Service disruption,Productivity loss,Low,High,Critical +27,Infrastructure,Expired Domain Controller Certificates,Authentication failure,Service disruption,Business impact,Low,Medium,High +28,Access,Privilege Creep,Excessive access,Compliance violation,Security risk,Medium,Medium,Medium +29,Security,Compromised Password Manager,Credential exposure,Multiple system risk,Extended compromise,High,High,Critical +30,DevOps,CI/CD Pipeline Compromise,Code integrity breach,Malicious deployment,Customer impact,High,High,Critical +31,Supply Chain,Dependency Supply Chain Attack,System compromise,Widespread impact,Detection evasion,High,High,Critical +32,Development,Development Environment Compromise,Source code theft,Build corruption,IP loss,High,High,Critical +33,Container,Container Image Compromise,Production infection,Lateral movement,Data theft,High,High,High +34,Source Code,Code 
Repository Breach,IP theft,Secret exposure,Development impact,High,High,Critical +35,Network,BGP Route Hijacking,Traffic redirection,Data interception,Service disruption,High,High,Critical +36,Network,VPN Concentrator Failure,Remote access loss,Security bypass risk,Productivity impact,Low,Medium,High +37,Network,DNS Cache Poisoning,Traffic misdirection,Data interception,Trust violation,High,Medium,High +38,Email,Email Gateway Failure,Communication disruption,Security exposure,Business impact,Low,Medium,High +39,Network,Wireless Network Compromise,Unauthorized access,Data interception,Network breach,Medium,Medium,High +40,Storage,Storage Array Failure,Data unavailability,Service disruption,Business impact,Low,High,Critical +41,Security,Encryption Key Loss,Data inaccessibility,Recovery impossibility,Business impact,Medium,High,Critical +42,Data,Data Classification Error,Inappropriate access,Compliance violation,Security exposure,Medium,Medium,High +43,Storage,Archive System Failure,Compliance violation,Legal impact,Data retention failure,Medium,High,High +44,Data,Unauthorized Data Transfer,Data leakage,Compliance violation,Regulatory impact,High,Medium,High +45,Change,Change Control Bypass,System instability,Security bypass,Audit violation,Medium,Medium,High +46,Configuration,CMDB Corruption,Asset tracking failure,Audit impact,Security planning,Medium,High,Medium +47,Automation,Automated Provisioning Failure,Resource allocation,Service delay,Security bypass,Medium,Medium,Medium +48,Security,Security Tool Misconfiguration,Detection failure,Alert flooding,Control effectiveness,Medium,Medium,High +49,Security,Policy Enforcement Point Failure,Control bypass,Compliance violation,Security gap,Medium,Medium,High +50,Vendor,Vendor Remote Access Compromise,Unauthorized access,System compromise,Trust violation,High,High,High +51,Cloud,Cloud Service Provider API Change,Integration failure,Service disruption,Development impact,Medium,Medium,High +52,Vendor,Managed Service 
Provider Breach,Multiple client impact,Data exposure,Trust violation,High,High,Critical +53,Supply Chain,Third Party Software Update Compromise,System infection,Trust violation,Wide impact,High,High,Critical +54,Vendor,Vendor Bankruptcy/Closure,Support loss,Security gap,Migration requirement,Low,High,High +55,Physical,Data Center Power Event,Service disruption,Hardware damage,Data corruption,Low,High,Critical +56,Physical,Natural Disaster Impact,Infrastructure damage,Service disruption,Business impact,Low,High,Critical +57,Physical,HVAC System Failure,Hardware risk,System instability,Performance impact,Low,Medium,High +58,Physical,Fire Suppression System Discharge,Hardware damage,Service disruption,Recovery effort,Low,High,Critical +59,Physical,Physical Security System Failure,Unauthorized access,Asset risk,Compliance violation,Medium,Medium,High +60,Compliance,Audit Finding Non-remediation,Regulatory penalty,Certification loss,Legal exposure,Medium,High,High +61,Compliance,Privacy Regulation Violation,Financial penalty,Reputation damage,Legal exposure,Medium,High,Critical +62,Compliance,Data Sovereignty Violation,Regulatory penalty,Legal exposure,Service restriction,Medium,High,High +63,Compliance,Export Control Violation,Legal penalty,Business restriction,Regulatory impact,Medium,High,High +64,Compliance,License Compliance Violation,Financial penalty,Legal exposure,Vendor impact,Medium,Medium,High +65,Emerging Tech,AI Model Poisoning,Decision corruption,Service degradation,Recovery effort,High,High,High +66,Emerging Tech,Quantum Computing Threat,Encryption risk,Authentication risk,Security model impact,High,High,Critical +67,IoT,IoT Device Compromise,Network breach,Data collection,Control system risk,High,Medium,High +68,Blockchain,Smart Contract Vulnerability,Financial loss,Transaction manipulation,System integrity,High,High,High +69,Network,5G Infrastructure Exploitation,Communication compromise,Data interception,Service disruption,High,High,High 
+70,Authentication,Password Hash Leak,Credential compromise,Multiple system risk,Extended exposure,High,High,Critical +71,Authentication,OAuth Token Exposure,API compromise,Service impersonation,Data breach,High,Medium,High +72,Authentication,Session Token Hijacking,Account takeover,Unauthorized access,Transaction fraud,High,Medium,High +73,Authentication,SAML Certificate Expiration,SSO failure,Service disruption,Business impact,Low,Medium,High +74,Identity,Directory Service Sync Failure,Account issues,Access control gap,User management,Medium,Medium,High +75,Cloud,Container Orchestration Platform Compromise,Workload manipulation,Resource theft,Multi-tenant impact,High,High,Critical +76,Cloud,Cloud Storage Bucket Enumeration,Data discovery,Privacy breach,Compliance violation,Medium,Medium,High +77,Cloud,Serverless Function Injection,Code execution,Resource theft,Service manipulation,High,High,High +78,Cloud,Cloud IAM Role Misconfiguration,Excessive permissions,Resource exposure,Privilege escalation,Medium,Medium,High +79,Network,Cloud Network ACL Bypass,Unauthorized access,Security breach,Data exposure,High,Medium,High +80,Security,SIEM System Failure,Alert loss,Detection gap,Compliance violation,Medium,High,Critical +81,Security,Log Aggregation System Overflow,Data loss,Detection gap,Compliance violation,Medium,Medium,High +82,Security,Security Tool Alert Fatigue,Missed detection,Response delay,Control effectiveness,Medium,Medium,High +83,Security,Monitoring System False Positives,Resource waste,Response delay,Detection accuracy,Medium,Low,Medium +84,Network,Network Sensor Blind Spots,Visibility gap,Detection evasion,Investigation limit,High,Medium,High +85,API,API Rate Limiting Bypass,Resource exhaustion,Service disruption,Cost impact,Medium,Low,Medium +86,API,GraphQL Query Depth Attack,Resource consumption,Service degradation,Performance impact,High,Medium,High +87,Web,Web Application Cache Poisoning,Content manipulation,User impact,Service 
integrity,High,Medium,High +88,Web,Client-Side Template Injection,Data theft,User manipulation,Content integrity,High,Medium,High +89,Web,Service Worker Hijacking,Traffic interception,Content manipulation,Credential theft,High,Medium,High +90,Database,Database Connection Pool Exhaustion,Service unavailability,Transaction failure,Performance impact,Medium,Medium,High +91,Database,Time-Series Database Overflow,Data loss,Analysis impact,Storage exhaustion,Medium,Medium,High +92,Database,Database Replication Lag,Data inconsistency,Read errors,Application impact,Medium,Medium,High +93,Database,NoSQL Injection,Data manipulation,Unauthorized access,Service disruption,High,High,High +94,Database,Database Schema Poisoning,Data integrity,Application errors,Service disruption,High,High,Critical +95,Network,SDN Controller Compromise,Network manipulation,Traffic redirection,Wide impact,High,High,Critical +96,Network,Load Balancer Configuration Drift,Service disruption,Performance impact,Availability issues,Medium,Medium,High +97,Network,Network Device Firmware Compromise,Traffic manipulation,Security bypass,Performance impact,High,High,Critical +98,Security,SSL/TLS Version Deprecation,Service incompatibility,Security weakness,Compliance violation,Low,Medium,High +99,Network,Network Time Protocol Attack,Time sync issue,Certificate validation,Authentication issue,High,Medium,High +100,DevOps,Infrastructure as Code Template Poisoning,Resource misconfig,Security bypass,Deployment pollution,High,High,Critical +101,Container,Container Base Image Compromise,Widespread infection,Build pollution,Development impact,High,High,Critical +102,DevOps,Artifact Repository Compromise,Build corruption,Deployment pollution,Development impact,High,High,Critical +103,DevOps,Development Tool Chain Breach,Code manipulation,Build corruption,Deployment risk,High,High,Critical +104,Configuration,Configuration Management Tool Compromise,System misconfig,Security bypass,Wide impact,High,High,Critical 
+105,Mobile,Mobile Device Management Bypass,Policy enforcement,Data protection,Compliance violation,Medium,Medium,High +106,Endpoint,Endpoint Protection Failure,Malware exposure,System compromise,Data theft,Medium,High,High +107,Mobile,BYOD Policy Violation,Data exposure,Network risk,Compliance violation,Medium,Medium,Medium +108,Remote Access,Remote Desktop Protocol Exposure,Unauthorized access,System compromise,Lateral movement,High,High,High +109,Endpoint,Local Administrator Rights Abuse,System compromise,Malware installation,Security bypass,Medium,Medium,High +110,Business,Automated Payment System Compromise,Financial loss,Transaction fraud,Business impact,High,High,Critical +111,Business,Business Email Compromise,Financial fraud,Data theft,Relationship damage,High,High,Critical +112,Document,Document Management System Breach,Information disclosure,IP theft,Compliance violation,High,High,High +113,Business,Customer Support System Compromise,Data exposure,Service manipulation,Trust violation,High,High,High +114,HR,HR System Data Breach,Personal data exposure,Legal liability,Employee trust,High,High,Critical +115,AI,Machine Learning Model Extraction,IP theft,Competitive loss,Service replication,High,High,High +116,AI,Deep Fake Authentication Bypass,Identity fraud,Access control bypass,Trust violation,High,High,High +117,Edge Computing,Edge Computing Node Compromise,Data exposure,Service manipulation,Network breach,High,High,High +118,IoT,Digital Twin Manipulation,Decision impact,Operational disruption,Safety risk,High,High,High +119,Security,Zero-Trust Architecture Bypass,Security model failure,Access control bypass,Trust violation,High,High,Critical From fb627038949f33f621d09498bd2df2a454fbda40 Mon Sep 17 00:00:00 2001 From: Amir Date: Mon, 10 Feb 2025 09:27:56 +0100 Subject: [PATCH 2/3] removing test.cvs --- test.cvs | 120 ------------------------------------------------------- 1 file changed, 120 deletions(-) delete mode 100644 test.cvs 
diff --git a/test.cvs b/test.cvs
deleted file mode 100644
index 1106810..0000000
--- a/test.cvs
+++ /dev/null
@@ -1,120 +0,0 @@ -Risk ID,Category,Risk Name,Primary Impact,Secondary Impact,Tertiary Impact,Detection Difficulty,Recovery Complexity,Business Impact Severity -1,Staffing,Lack of Sufficient IT/Security Staffing,Delayed incident response,Security control degradation,Increased staff burnout,Low,High,High -2,Infrastructure,Single Points of Failure in Infrastructure,Service disruption,Business continuity impact,Recovery delays,Medium,High,Critical -3,Infrastructure,Aging Infrastructure Risks,System instability,Support limitations,Performance degradation,Medium,High,High -4,Systems,Legacy Operating Systems and Applications,Security vulnerabilities,Compatibility issues,Support limitations,Medium,High,High -5,Security,SSL Certificate Private Key Exposure,Data interception,Trust violation,Compliance breach,High,Medium,Critical -6,Security,DDoS Attack,Service unavailability,Revenue loss,Reputation damage,Low,Medium,High -7,Cloud,Misconfigured Cloud Services,Data exposure,Unauthorized access,Compliance violation,Medium,Medium,Critical -8,Data,Accidental Data Disclosure,Information leakage,Compliance violation,Reputation damage,Low,Medium,High -9,Source Code,Source Code Exposure,IP theft,Security vulnerability exposure,Competitive disadvantage,High,High,Critical -10,Endpoint,Unapproved Software Installation,Malware risk,System instability,Compliance violation,Medium,Low,Medium -11,Access,Insider Privilege Escalation,Unauthorized access,Data theft,System compromise,High,Medium,High -12,Malware,Commodity/Drive-by Malware,System infection,Data theft,Resource consumption,Low,Medium,Medium -13,Supply Chain,Third Party Code Compromise,System compromise,Data theft,Trust violation,High,High,Critical -14,Security,Developer Spear Phishing,Code base compromise,Product infection,Customer impact,High,High,Critical -15,Security,Back-office User Phishing,Credential theft,Financial fraud,System compromise,Medium,Medium,High -16,Physical,Unauthorized Physical Access,Asset theft,Data 
exposure,System compromise,Low,Medium,High -17,Endpoint,Developer Laptop Loss/Theft,Data exposure,Credential compromise,System access risk,Low,Medium,High -18,Malware,Ransomware Infection,Data encryption,Business disruption,Financial impact,Medium,High,Critical -19,Security,Web-facing Vulnerability Exploitation,System compromise,Data theft,Service disruption,Medium,High,High -20,Infrastructure,Cloud Provider Service Outage,Service disruption,Revenue loss,Customer impact,Low,High,Critical -21,Data,Database Corruption,Data integrity loss,Service disruption,Recovery effort,Medium,High,High -22,Backup,Misconfigured Backup Systems,Data loss risk,Recovery failure,Compliance impact,Medium,High,Critical -23,Network,Network Segmentation Failure,Security zone breach,Lateral movement risk,Compliance violation,High,Medium,High -24,API,API Gateway Compromise,Unauthorized access,Data exposure,Service manipulation,High,High,Critical -25,Access,Compromised Service Account,System access breach,Privilege escalation,Audit corruption,High,Medium,High -26,Identity,Failed Identity Provider,Authentication failure,Service disruption,Productivity loss,Low,High,Critical -27,Infrastructure,Expired Domain Controller Certificates,Authentication failure,Service disruption,Business impact,Low,Medium,High -28,Access,Privilege Creep,Excessive access,Compliance violation,Security risk,Medium,Medium,Medium -29,Security,Compromised Password Manager,Credential exposure,Multiple system risk,Extended compromise,High,High,Critical -30,DevOps,CI/CD Pipeline Compromise,Code integrity breach,Malicious deployment,Customer impact,High,High,Critical -31,Supply Chain,Dependency Supply Chain Attack,System compromise,Widespread impact,Detection evasion,High,High,Critical -32,Development,Development Environment Compromise,Source code theft,Build corruption,IP loss,High,High,Critical -33,Container,Container Image Compromise,Production infection,Lateral movement,Data theft,High,High,High -34,Source Code,Code 
Repository Breach,IP theft,Secret exposure,Development impact,High,High,Critical -35,Network,BGP Route Hijacking,Traffic redirection,Data interception,Service disruption,High,High,Critical -36,Network,VPN Concentrator Failure,Remote access loss,Security bypass risk,Productivity impact,Low,Medium,High -37,Network,DNS Cache Poisoning,Traffic misdirection,Data interception,Trust violation,High,Medium,High -38,Email,Email Gateway Failure,Communication disruption,Security exposure,Business impact,Low,Medium,High -39,Network,Wireless Network Compromise,Unauthorized access,Data interception,Network breach,Medium,Medium,High -40,Storage,Storage Array Failure,Data unavailability,Service disruption,Business impact,Low,High,Critical -41,Security,Encryption Key Loss,Data inaccessibility,Recovery impossibility,Business impact,Medium,High,Critical -42,Data,Data Classification Error,Inappropriate access,Compliance violation,Security exposure,Medium,Medium,High -43,Storage,Archive System Failure,Compliance violation,Legal impact,Data retention failure,Medium,High,High -44,Data,Unauthorized Data Transfer,Data leakage,Compliance violation,Regulatory impact,High,Medium,High -45,Change,Change Control Bypass,System instability,Security bypass,Audit violation,Medium,Medium,High -46,Configuration,CMDB Corruption,Asset tracking failure,Audit impact,Security planning,Medium,High,Medium -47,Automation,Automated Provisioning Failure,Resource allocation,Service delay,Security bypass,Medium,Medium,Medium -48,Security,Security Tool Misconfiguration,Detection failure,Alert flooding,Control effectiveness,Medium,Medium,High -49,Security,Policy Enforcement Point Failure,Control bypass,Compliance violation,Security gap,Medium,Medium,High -50,Vendor,Vendor Remote Access Compromise,Unauthorized access,System compromise,Trust violation,High,High,High -51,Cloud,Cloud Service Provider API Change,Integration failure,Service disruption,Development impact,Medium,Medium,High -52,Vendor,Managed Service 
Provider Breach,Multiple client impact,Data exposure,Trust violation,High,High,Critical -53,Supply Chain,Third Party Software Update Compromise,System infection,Trust violation,Wide impact,High,High,Critical -54,Vendor,Vendor Bankruptcy/Closure,Support loss,Security gap,Migration requirement,Low,High,High -55,Physical,Data Center Power Event,Service disruption,Hardware damage,Data corruption,Low,High,Critical -56,Physical,Natural Disaster Impact,Infrastructure damage,Service disruption,Business impact,Low,High,Critical -57,Physical,HVAC System Failure,Hardware risk,System instability,Performance impact,Low,Medium,High -58,Physical,Fire Suppression System Discharge,Hardware damage,Service disruption,Recovery effort,Low,High,Critical -59,Physical,Physical Security System Failure,Unauthorized access,Asset risk,Compliance violation,Medium,Medium,High -60,Compliance,Audit Finding Non-remediation,Regulatory penalty,Certification loss,Legal exposure,Medium,High,High -61,Compliance,Privacy Regulation Violation,Financial penalty,Reputation damage,Legal exposure,Medium,High,Critical -62,Compliance,Data Sovereignty Violation,Regulatory penalty,Legal exposure,Service restriction,Medium,High,High -63,Compliance,Export Control Violation,Legal penalty,Business restriction,Regulatory impact,Medium,High,High -64,Compliance,License Compliance Violation,Financial penalty,Legal exposure,Vendor impact,Medium,Medium,High -65,Emerging Tech,AI Model Poisoning,Decision corruption,Service degradation,Recovery effort,High,High,High -66,Emerging Tech,Quantum Computing Threat,Encryption risk,Authentication risk,Security model impact,High,High,Critical -67,IoT,IoT Device Compromise,Network breach,Data collection,Control system risk,High,Medium,High -68,Blockchain,Smart Contract Vulnerability,Financial loss,Transaction manipulation,System integrity,High,High,High -69,Network,5G Infrastructure Exploitation,Communication compromise,Data interception,Service disruption,High,High,High 
-70,Authentication,Password Hash Leak,Credential compromise,Multiple system risk,Extended exposure,High,High,Critical -71,Authentication,OAuth Token Exposure,API compromise,Service impersonation,Data breach,High,Medium,High -72,Authentication,Session Token Hijacking,Account takeover,Unauthorized access,Transaction fraud,High,Medium,High -73,Authentication,SAML Certificate Expiration,SSO failure,Service disruption,Business impact,Low,Medium,High -74,Identity,Directory Service Sync Failure,Account issues,Access control gap,User management,Medium,Medium,High -75,Cloud,Container Orchestration Platform Compromise,Workload manipulation,Resource theft,Multi-tenant impact,High,High,Critical -76,Cloud,Cloud Storage Bucket Enumeration,Data discovery,Privacy breach,Compliance violation,Medium,Medium,High -77,Cloud,Serverless Function Injection,Code execution,Resource theft,Service manipulation,High,High,High -78,Cloud,Cloud IAM Role Misconfiguration,Excessive permissions,Resource exposure,Privilege escalation,Medium,Medium,High -79,Network,Cloud Network ACL Bypass,Unauthorized access,Security breach,Data exposure,High,Medium,High -80,Security,SIEM System Failure,Alert loss,Detection gap,Compliance violation,Medium,High,Critical -81,Security,Log Aggregation System Overflow,Data loss,Detection gap,Compliance violation,Medium,Medium,High -82,Security,Security Tool Alert Fatigue,Missed detection,Response delay,Control effectiveness,Medium,Medium,High -83,Security,Monitoring System False Positives,Resource waste,Response delay,Detection accuracy,Medium,Low,Medium -84,Network,Network Sensor Blind Spots,Visibility gap,Detection evasion,Investigation limit,High,Medium,High -85,API,API Rate Limiting Bypass,Resource exhaustion,Service disruption,Cost impact,Medium,Low,Medium -86,API,GraphQL Query Depth Attack,Resource consumption,Service degradation,Performance impact,High,Medium,High -87,Web,Web Application Cache Poisoning,Content manipulation,User impact,Service 
integrity,High,Medium,High -88,Web,Client-Side Template Injection,Data theft,User manipulation,Content integrity,High,Medium,High -89,Web,Service Worker Hijacking,Traffic interception,Content manipulation,Credential theft,High,Medium,High -90,Database,Database Connection Pool Exhaustion,Service unavailability,Transaction failure,Performance impact,Medium,Medium,High -91,Database,Time-Series Database Overflow,Data loss,Analysis impact,Storage exhaustion,Medium,Medium,High -92,Database,Database Replication Lag,Data inconsistency,Read errors,Application impact,Medium,Medium,High -93,Database,NoSQL Injection,Data manipulation,Unauthorized access,Service disruption,High,High,High -94,Database,Database Schema Poisoning,Data integrity,Application errors,Service disruption,High,High,Critical -95,Network,SDN Controller Compromise,Network manipulation,Traffic redirection,Wide impact,High,High,Critical -96,Network,Load Balancer Configuration Drift,Service disruption,Performance impact,Availability issues,Medium,Medium,High -97,Network,Network Device Firmware Compromise,Traffic manipulation,Security bypass,Performance impact,High,High,Critical -98,Security,SSL/TLS Version Deprecation,Service incompatibility,Security weakness,Compliance violation,Low,Medium,High -99,Network,Network Time Protocol Attack,Time sync issue,Certificate validation,Authentication issue,High,Medium,High -100,DevOps,Infrastructure as Code Template Poisoning,Resource misconfig,Security bypass,Deployment pollution,High,High,Critical -101,Container,Container Base Image Compromise,Widespread infection,Build pollution,Development impact,High,High,Critical -102,DevOps,Artifact Repository Compromise,Build corruption,Deployment pollution,Development impact,High,High,Critical -103,DevOps,Development Tool Chain Breach,Code manipulation,Build corruption,Deployment risk,High,High,Critical -104,Configuration,Configuration Management Tool Compromise,System misconfig,Security bypass,Wide impact,High,High,Critical 
-105,Mobile,Mobile Device Management Bypass,Policy enforcement,Data protection,Compliance violation,Medium,Medium,High -106,Endpoint,Endpoint Protection Failure,Malware exposure,System compromise,Data theft,Medium,High,High -107,Mobile,BYOD Policy Violation,Data exposure,Network risk,Compliance violation,Medium,Medium,Medium -108,Remote Access,Remote Desktop Protocol Exposure,Unauthorized access,System compromise,Lateral movement,High,High,High -109,Endpoint,Local Administrator Rights Abuse,System compromise,Malware installation,Security bypass,Medium,Medium,High -110,Business,Automated Payment System Compromise,Financial loss,Transaction fraud,Business impact,High,High,Critical -111,Business,Business Email Compromise,Financial fraud,Data theft,Relationship damage,High,High,Critical -112,Document,Document Management System Breach,Information disclosure,IP theft,Compliance violation,High,High,High -113,Business,Customer Support System Compromise,Data exposure,Service manipulation,Trust violation,High,High,High -114,HR,HR System Data Breach,Personal data exposure,Legal liability,Employee trust,High,High,Critical -115,AI,Machine Learning Model Extraction,IP theft,Competitive loss,Service replication,High,High,High -116,AI,Deep Fake Authentication Bypass,Identity fraud,Access control bypass,Trust violation,High,High,High -117,Edge Computing,Edge Computing Node Compromise,Data exposure,Service manipulation,Network breach,High,High,High -118,IoT,Digital Twin Manipulation,Decision impact,Operational disruption,Safety risk,High,High,High -119,Security,Zero-Trust Architecture Bypass,Security model failure,Access control bypass,Trust violation,High,High,Critical From 1008a778c0fabbf42a7cbf84d72a6cb05903f9ac Mon Sep 17 00:00:00 2001 
From: Amir Date: Mon, 10 Feb 2025 13:49:15 +0100 Subject: [PATCH 3/3] added AI analysis --- backend/core/templates/thankyou.html | 31 +++++++++++++++ backend/core/utils.py | 56 ++++++++++++++++++++++++++++ backend/core/views.py | 24 ++++++++++-- backend/settings.py | 6 +++ 4 files changed, 114 insertions(+), 3 deletions(-) create mode 100644 backend/core/utils.py diff --git a/backend/core/templates/thankyou.html b/backend/core/templates/thankyou.html index 0dbbd16..25d161f 100644 --- a/backend/core/templates/thankyou.html +++ b/backend/core/templates/thankyou.html @@ -7,6 +7,37 @@ We will send the document to {{ email }} when it is ready. +

Top 10 Identified Risks

+ + + + + + + + + + + + + + + + {% for risk in top_risks %} + + + + + + + + + + + + {% endfor %} + +
Risk IDRisk NameCategoryPrimary ImpactSecondary ImpactTertiary ImpactDetection DifficultyRecovery ComplexityBusiness Impact Severity
{{ risk.risk_id }}{{ risk.risk_name }}{{ risk.category }}{{ risk.primary_impact }}{{ risk.secondary_impact }}{{ risk.tretiary_impact }}{{ risk.detection_difficulty }}{{ risk.recovery_complexity }}{{ risk.businnes_impact_severity }}
{% endblock content %}
diff --git a/backend/core/utils.py b/backend/core/utils.py
new file mode 100644
index 0000000..ddc7039
--- /dev/null
+++ b/backend/core/utils.py
@@ -0,0 +1,56 @@
+from openai import OpenAI
+from django.conf import settings
+from .models import Risk
+
+def extract_risk_factors(organization):
+ excluded_fields={"name","email"}
+ risk_data = {}
+
+ for field in organization._meta.get_fields():
+ if field.name not in excluded_fields and hasattr(organization, field.name):
+ value = getattr(organization, field.name)
+ if value:
+ risk_data[field.name] = value
+ return risk_data
+
+from openai import OpenAI
+from django.conf import settings
+from .models import Risk
+
+def get_top_risk(organization):
+ client = OpenAI(api_key=settings.OPENAI_API_KEY)
+
+ all_risks = Risk.objects.all()
+
+ risk_list = []
+ for risk in all_risks:
+ risk_list.append(f"""
+ Risk ID: {risk.risk_id}
+ Category: {risk.category}
+ Name: {risk.risk_name}
+ Primary Impact: {risk.primary_impact}
+ """)
+
+ risk_factors = extract_risk_factors(organization)
+
+ prompt = f"""
+ You are an AI risk assessor. Based on the following company details and list of known risks,
+ identify the 10 most critical risks for this company. Respond only with risk IDs.
+
+ Company Details:
+ {risk_factors}
+
+ List of Risks:
+ {risk_list}
+
+ Provide only the 10 most critical risk IDs in a simple comma-separated format, e.g "1,3,7,12,..."
+ """
+
+ response = client.chat.completions.create(
+ model="gpt-4",
+ messages=[{"role": "system", "content": prompt}]
+ )
+
+ risk_ids = response.choices[0].message.content.strip().split(",")
+
+ return [int(risk_id) for risk_id in risk_ids if risk_id.isdigit()]
diff --git a/backend/core/views.py b/backend/core/views.py
index dffb9c4..3940a79 100644
--- a/backend/core/views.py
+++ b/backend/core/views.py
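Review bot: `extract_risk_factors` decides what leaves the system with a denylist (`excluded_fields={"name","email"}`), so every other non-empty Organization attribute, including any field added to the model later, is sent to the OpenAI API, and those form-supplied values are interpolated into the single `system` message next to the instructions. An explicit allowlist of fields and a separate `user` message for the company details keep the disclosure bounded and keep submitted text out of the instruction role. The reply parsing is also fragile: `risk_id.isdigit()` is tested on unstripped pieces, so an answer such as "1, 3, 7" keeps only the first id, and nothing caps the list at ten. The three imports repeated before `get_top_risk` can be dropped.

```python
# Fields cleared for disclosure to the API provider; extend deliberately.
# "industry_sector" is the only candidate visible in this patch series.
RISK_FACTOR_FIELDS = ("industry_sector",)

def extract_risk_factors(organization):
    risk_data = {}
    for field_name in RISK_FACTOR_FIELDS:
        value = getattr(organization, field_name, None)
        if value:
            risk_data[field_name] = value
    return risk_data

def get_top_risk(organization):
    # … unchanged: client setup, risk_list construction, extract_risk_factors call …
    # … `instructions`: the prompt text with the "Company Details" section taken out …
    response = client.chat.completions.create(
        model="gpt-4",
        messages=[
            {"role": "system", "content": instructions},
            {"role": "user", "content": f"Company Details:\n{risk_factors}"},
        ],
    )

    pieces = (p.strip() for p in response.choices[0].message.content.split(","))
    return [int(p) for p in pieces if p.isdecimal()][:10]
```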
@@ -2,7 +2,8 @@ import logging from django.shortcuts import render, redirect from .forms import OrganizationForm - +from .models import Organization,Document,Risk +from backend.core.utils import get_top_risk # @login_required # def index(request): # return HttpResponse('

Django

Página simples.

') @@ -19,8 +20,25 @@ def signup(request): if request.method == 'POST': form = OrganizationForm(request.POST) if form.is_valid(): - form.save() - return render(request, 'thankyou.html', {'email': form.data['email']}) + organization = form.save() + print(f"Organization :{organization}") + top_risk_ids = get_top_risk(organization) + print(f"Top risks: {top_risk_ids}") + top_risks = Risk.objects.filter(risk_id__in = top_risk_ids) + print(f"Final: {top_risks}") + + document = Document.objects.create(organization=organization) + document.add_segment('h1', "Top 10 Risk Identified") + + for risk in top_risks: + document.add_segment('h2',f"Risk: {risk.risk_id}:{risk.risk_name}") + document.add_segment('body',f"Category: {risk.category} \n Primary Impact: {risk.primary_impact} \n Secondary Impact: {risk.secondary_impact} \n Tertiary Impact: {risk.tretiary_impact} \n Detection Difficulty: {risk.detection_difficulty} \n Recovery Complexity: {risk.recovery_complexity} \n Business Impact Severity: {risk.businnes_impact_severity} ") + + return render(request, 'thankyou.html', { + 'email': form.data['email'], + 'top_risks':top_risks, + 'document':document + }) else: logging.error(form.errors) return render(request, 'signup.html', {'form': form}) diff --git a/backend/settings.py b/backend/settings.py index 33856be..885a7cd 100644 --- a/backend/settings.py +++ b/backend/settings.py @@ -14,6 +14,12 @@ from pathlib import Path from decouple import Csv, config from dj_database_url import parse as dburl +import os +from dotenv import load_dotenv +load_dotenv() + +#API key +OPENAI_API_KEY = os.getenv("OPENAI_API_KEY") # Build paths inside the project like this: BASE_DIR / 'subdir'. BASE_DIR = Path(__file__).resolve().parent.parent
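Review bot: `get_top_risk(organization)` is called in the POST branch right after `form.save()` with no exception handling, so an API error, a timeout or an unset key turns an already stored signup into a 500 response, and every submission triggers one billable third-party request. Catch the failure and fall back to an empty result, for example `try: top_risk_ids = get_top_risk(organization)` followed by `except Exception: logging.exception("risk analysis failed"); top_risk_ids = []`, and consider throttling the view if it is reachable without login, which this hunk does not show. The three `print(...)` calls write organization details to stdout; the module already imports `logging`, so `logging.debug(...)` or removal fits better. The body of `signup` begins above the hunk.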
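Review bot: `OPENAI_API_KEY = os.getenv("OPENAI_API_KEY")` evaluates to `None` when the variable is missing, so the misconfiguration surfaces only at the first signup request instead of at startup. The file already imports `config` from `decouple`, which reads the same environment and raises when a value without a default is absent; `OPENAI_API_KEY = config("OPENAI_API_KEY")` fails fast and makes `import os`, `from dotenv import load_dotenv` and `load_dotenv()` unnecessary. That also avoids a second settings-loading mechanism and an extra dependency for a single key.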