old-riskletpy/risks.csv at 2a51d98d1b92bce2c2750fc6cd47676386911b96

Files

2025-02-07 13:22:17 +01:00

13 KiB

Raw Blame History

1	Risk ID	Category	Risk Name	Primary Impact	Secondary Impact	Tertiary Impact	Detection Difficulty	Recovery Complexity	Business Impact Severity
2	1	Staffing	Lack of Sufficient IT/Security Staffing	Delayed incident response	Security control degradation	Increased staff burnout	Low	High	High
3	2	Infrastructure	Single Points of Failure in Infrastructure	Service disruption	Business continuity impact	Recovery delays	Medium	High	Critical
4	3	Infrastructure	Aging Infrastructure Risks	System instability	Support limitations	Performance degradation	Medium	High	High
5	4	Systems	Legacy Operating Systems and Applications	Security vulnerabilities	Compatibility issues	Support limitations	Medium	High	High
6	5	Security	SSL Certificate Private Key Exposure	Data interception	Trust violation	Compliance breach	High	Medium	Critical
7	6	Security	DDoS Attack	Service unavailability	Revenue loss	Reputation damage	Low	Medium	High
8	7	Cloud	Misconfigured Cloud Services	Data exposure	Unauthorized access	Compliance violation	Medium	Medium	Critical
9	8	Data	Accidental Data Disclosure	Information leakage	Compliance violation	Reputation damage	Low	Medium	High
10	9	Source Code	Source Code Exposure	IP theft	Security vulnerability exposure	Competitive disadvantage	High	High	Critical
11	10	Endpoint	Unapproved Software Installation	Malware risk	System instability	Compliance violation	Medium	Low	Medium
12	11	Access	Insider Privilege Escalation	Unauthorized access	Data theft	System compromise	High	Medium	High
13	12	Malware	Commodity/Drive-by Malware	System infection	Data theft	Resource consumption	Low	Medium	Medium
14	13	Supply Chain	Third Party Code Compromise	System compromise	Data theft	Trust violation	High	High	Critical
15	14	Security	Developer Spear Phishing	Code base compromise	Product infection	Customer impact	High	High	Critical
16	15	Security	Back-office User Phishing	Credential theft	Financial fraud	System compromise	Medium	Medium	High
17	16	Physical	Unauthorized Physical Access	Asset theft	Data exposure	System compromise	Low	Medium	High
18	17	Endpoint	Developer Laptop Loss/Theft	Data exposure	Credential compromise	System access risk	Low	Medium	High
19	18	Malware	Ransomware Infection	Data encryption	Business disruption	Financial impact	Medium	High	Critical
20	19	Security	Web-facing Vulnerability Exploitation	System compromise	Data theft	Service disruption	Medium	High	High
21	20	Infrastructure	Cloud Provider Service Outage	Service disruption	Revenue loss	Customer impact	Low	High	Critical
22	21	Data	Database Corruption	Data integrity loss	Service disruption	Recovery effort	Medium	High	High
23	22	Backup	Misconfigured Backup Systems	Data loss risk	Recovery failure	Compliance impact	Medium	High	Critical
24	23	Network	Network Segmentation Failure	Security zone breach	Lateral movement risk	Compliance violation	High	Medium	High
25	24	API	API Gateway Compromise	Unauthorized access	Data exposure	Service manipulation	High	High	Critical
26	25	Access	Compromised Service Account	System access breach	Privilege escalation	Audit corruption	High	Medium	High
27	26	Identity	Failed Identity Provider	Authentication failure	Service disruption	Productivity loss	Low	High	Critical
28	27	Infrastructure	Expired Domain Controller Certificates	Authentication failure	Service disruption	Business impact	Low	Medium	High
29	28	Access	Privilege Creep	Excessive access	Compliance violation	Security risk	Medium	Medium	Medium
30	29	Security	Compromised Password Manager	Credential exposure	Multiple system risk	Extended compromise	High	High	Critical
31	30	DevOps	CI/CD Pipeline Compromise	Code integrity breach	Malicious deployment	Customer impact	High	High	Critical
32	31	Supply Chain	Dependency Supply Chain Attack	System compromise	Widespread impact	Detection evasion	High	High	Critical
33	32	Development	Development Environment Compromise	Source code theft	Build corruption	IP loss	High	High	Critical
34	33	Container	Container Image Compromise	Production infection	Lateral movement	Data theft	High	High	High
35	34	Source Code	Code Repository Breach	IP theft	Secret exposure	Development impact	High	High	Critical
36	35	Network	BGP Route Hijacking	Traffic redirection	Data interception	Service disruption	High	High	Critical
37	36	Network	VPN Concentrator Failure	Remote access loss	Security bypass risk	Productivity impact	Low	Medium	High
38	37	Network	DNS Cache Poisoning	Traffic misdirection	Data interception	Trust violation	High	Medium	High
39	38	Email	Email Gateway Failure	Communication disruption	Security exposure	Business impact	Low	Medium	High
40	39	Network	Wireless Network Compromise	Unauthorized access	Data interception	Network breach	Medium	Medium	High
41	40	Storage	Storage Array Failure	Data unavailability	Service disruption	Business impact	Low	High	Critical
42	41	Security	Encryption Key Loss	Data inaccessibility	Recovery impossibility	Business impact	Medium	High	Critical
43	42	Data	Data Classification Error	Inappropriate access	Compliance violation	Security exposure	Medium	Medium	High
44	43	Storage	Archive System Failure	Compliance violation	Legal impact	Data retention failure	Medium	High	High
45	44	Data	Unauthorized Data Transfer	Data leakage	Compliance violation	Regulatory impact	High	Medium	High
46	45	Change	Change Control Bypass	System instability	Security bypass	Audit violation	Medium	Medium	High
47	46	Configuration	CMDB Corruption	Asset tracking failure	Audit impact	Security planning	Medium	High	Medium
48	47	Automation	Automated Provisioning Failure	Resource allocation	Service delay	Security bypass	Medium	Medium	Medium
49	48	Security	Security Tool Misconfiguration	Detection failure	Alert flooding	Control effectiveness	Medium	Medium	High
50	49	Security	Policy Enforcement Point Failure	Control bypass	Compliance violation	Security gap	Medium	Medium	High
51	50	Vendor	Vendor Remote Access Compromise	Unauthorized access	System compromise	Trust violation	High	High	High
52	51	Cloud	Cloud Service Provider API Change	Integration failure	Service disruption	Development impact	Medium	Medium	High
53	52	Vendor	Managed Service Provider Breach	Multiple client impact	Data exposure	Trust violation	High	High	Critical
54	53	Supply Chain	Third Party Software Update Compromise	System infection	Trust violation	Wide impact	High	High	Critical
55	54	Vendor	Vendor Bankruptcy/Closure	Support loss	Security gap	Migration requirement	Low	High	High
56	55	Physical	Data Center Power Event	Service disruption	Hardware damage	Data corruption	Low	High	Critical
57	56	Physical	Natural Disaster Impact	Infrastructure damage	Service disruption	Business impact	Low	High	Critical
58	57	Physical	HVAC System Failure	Hardware risk	System instability	Performance impact	Low	Medium	High
59	58	Physical	Fire Suppression System Discharge	Hardware damage	Service disruption	Recovery effort	Low	High	Critical
60	59	Physical	Physical Security System Failure	Unauthorized access	Asset risk	Compliance violation	Medium	Medium	High
61	60	Compliance	Audit Finding Non-remediation	Regulatory penalty	Certification loss	Legal exposure	Medium	High	High
62	61	Compliance	Privacy Regulation Violation	Financial penalty	Reputation damage	Legal exposure	Medium	High	Critical
63	62	Compliance	Data Sovereignty Violation	Regulatory penalty	Legal exposure	Service restriction	Medium	High	High
64	63	Compliance	Export Control Violation	Legal penalty	Business restriction	Regulatory impact	Medium	High	High
65	64	Compliance	License Compliance Violation	Financial penalty	Legal exposure	Vendor impact	Medium	Medium	High
66	65	Emerging Tech	AI Model Poisoning	Decision corruption	Service degradation	Recovery effort	High	High	High
67	66	Emerging Tech	Quantum Computing Threat	Encryption risk	Authentication risk	Security model impact	High	High	Critical
68	67	IoT	IoT Device Compromise	Network breach	Data collection	Control system risk	High	Medium	High
69	68	Blockchain	Smart Contract Vulnerability	Financial loss	Transaction manipulation	System integrity	High	High	High
70	69	Network	5G Infrastructure Exploitation	Communication compromise	Data interception	Service disruption	High	High	High
71	70	Authentication	Password Hash Leak	Credential compromise	Multiple system risk	Extended exposure	High	High	Critical
72	71	Authentication	OAuth Token Exposure	API compromise	Service impersonation	Data breach	High	Medium	High
73	72	Authentication	Session Token Hijacking	Account takeover	Unauthorized access	Transaction fraud	High	Medium	High
74	73	Authentication	SAML Certificate Expiration	SSO failure	Service disruption	Business impact	Low	Medium	High
75	74	Identity	Directory Service Sync Failure	Account issues	Access control gap	User management	Medium	Medium	High
76	75	Cloud	Container Orchestration Platform Compromise	Workload manipulation	Resource theft	Multi-tenant impact	High	High	Critical
77	76	Cloud	Cloud Storage Bucket Enumeration	Data discovery	Privacy breach	Compliance violation	Medium	Medium	High
78	77	Cloud	Serverless Function Injection	Code execution	Resource theft	Service manipulation	High	High	High
79	78	Cloud	Cloud IAM Role Misconfiguration	Excessive permissions	Resource exposure	Privilege escalation	Medium	Medium	High
80	79	Network	Cloud Network ACL Bypass	Unauthorized access	Security breach	Data exposure	High	Medium	High
81	80	Security	SIEM System Failure	Alert loss	Detection gap	Compliance violation	Medium	High	Critical
82	81	Security	Log Aggregation System Overflow	Data loss	Detection gap	Compliance violation	Medium	Medium	High
83	82	Security	Security Tool Alert Fatigue	Missed detection	Response delay	Control effectiveness	Medium	Medium	High
84	83	Security	Monitoring System False Positives	Resource waste	Response delay	Detection accuracy	Medium	Low	Medium
85	84	Network	Network Sensor Blind Spots	Visibility gap	Detection evasion	Investigation limit	High	Medium	High
86	85	API	API Rate Limiting Bypass	Resource exhaustion	Service disruption	Cost impact	Medium	Low	Medium
87	86	API	GraphQL Query Depth Attack	Resource consumption	Service degradation	Performance impact	High	Medium	High
88	87	Web	Web Application Cache Poisoning	Content manipulation	User impact	Service integrity	High	Medium	High
89	88	Web	Client-Side Template Injection	Data theft	User manipulation	Content integrity	High	Medium	High
90	89	Web	Service Worker Hijacking	Traffic interception	Content manipulation	Credential theft	High	Medium	High
91	90	Database	Database Connection Pool Exhaustion	Service unavailability	Transaction failure	Performance impact	Medium	Medium	High
92	91	Database	Time-Series Database Overflow	Data loss	Analysis impact	Storage exhaustion	Medium	Medium	High
93	92	Database	Database Replication Lag	Data inconsistency	Read errors	Application impact	Medium	Medium	High
94	93	Database	NoSQL Injection	Data manipulation	Unauthorized access	Service disruption	High	High	High
95	94	Database	Database Schema Poisoning	Data integrity	Application errors	Service disruption	High	High	Critical
96	95	Network	SDN Controller Compromise	Network manipulation	Traffic redirection	Wide impact	High	High	Critical
97	96	Network	Load Balancer Configuration Drift	Service disruption	Performance impact	Availability issues	Medium	Medium	High
98	97	Network	Network Device Firmware Compromise	Traffic manipulation	Security bypass	Performance impact	High	High	Critical
99	98	Security	SSL/TLS Version Deprecation	Service incompatibility	Security weakness	Compliance violation	Low	Medium	High
100	99	Network	Network Time Protocol Attack	Time sync issue	Certificate validation	Authentication issue	High	Medium	High
101	100	DevOps	Infrastructure as Code Template Poisoning	Resource misconfig	Security bypass	Deployment pollution	High	High	Critical
102	101	Container	Container Base Image Compromise	Widespread infection	Build pollution	Development impact	High	High	Critical
103	102	DevOps	Artifact Repository Compromise	Build corruption	Deployment pollution	Development impact	High	High	Critical
104	103	DevOps	Development Tool Chain Breach	Code manipulation	Build corruption	Deployment risk	High	High	Critical
105	104	Configuration	Configuration Management Tool Compromise	System misconfig	Security bypass	Wide impact	High	High	Critical
106	105	Mobile	Mobile Device Management Bypass	Policy enforcement	Data protection	Compliance violation	Medium	Medium	High
107	106	Endpoint	Endpoint Protection Failure	Malware exposure	System compromise	Data theft	Medium	High	High
108	107	Mobile	BYOD Policy Violation	Data exposure	Network risk	Compliance violation	Medium	Medium	Medium
109	108	Remote Access	Remote Desktop Protocol Exposure	Unauthorized access	System compromise	Lateral movement	High	High	High
110	109	Endpoint	Local Administrator Rights Abuse	System compromise	Malware installation	Security bypass	Medium	Medium	High
111	110	Business	Automated Payment System Compromise	Financial loss	Transaction fraud	Business impact	High	High	Critical
112	111	Business	Business Email Compromise	Financial fraud	Data theft	Relationship damage	High	High	Critical
113	112	Document	Document Management System Breach	Information disclosure	IP theft	Compliance violation	High	High	High
114	113	Business	Customer Support System Compromise	Data exposure	Service manipulation	Trust violation	High	High	High
115	114	HR	HR System Data Breach	Personal data exposure	Legal liability	Employee trust	High	High	Critical
116	115	AI	Machine Learning Model Extraction	IP theft	Competitive loss	Service replication	High	High	High
117	116	AI	Deep Fake Authentication Bypass	Identity fraud	Access control bypass	Trust violation	High	High	High
118	117	Edge Computing	Edge Computing Node Compromise	Data exposure	Service manipulation	Network breach	High	High	High
119	118	IoT	Digital Twin Manipulation	Decision impact	Operational disruption	Safety risk	High	High	High
120	119	Security	Zero-Trust Architecture Bypass	Security model failure	Access control bypass	Trust violation	High	High	Critical

13 KiB Raw Blame History

13 KiB

Raw Blame History