Risk Register
Track known risks and their mitigation status. Monitor progress and ensure accountability for security risks.
2
Open Risks
1
Being Mitigated
1
Under Monitoring
1
Closed
| Risk ID | Title | Category | Likelihood | Impact | Risk Level | Status | Owner | Due Date |
|---|---|---|---|---|---|---|---|---|
| R-001 | Ransomware Attack on Critical Systems | Malware | Medium | Critical | High | Open | CISO | 2025-02-15 |
| R-002 | Supply Chain Compromise | Third Party | Low | High | Medium | Mitigating | Procurement Lead | 2025-03-01 |
| R-003 | Insider Threat from Disgruntled Employee | Insider | Low | High | Medium | Monitoring | HR Security | 2025-04-15 |
| R-004 | Data Breach via Phishing | Social Engineering | High | High | High | Open | IT Security | 2025-01-30 |
| R-005 | DDoS Attack on Public Services | DDoS | Medium | Medium | Medium | Closed | Network Team | 2025-01-01 |
Risk Details
R-001
OpenRansomware Attack on Critical Systems
HighMitigation Strategy
Enhanced backup strategy, network segmentation
Assignment
Owner: CISO
Due Date: 2025-02-15
Last Updated: 2025-01-10
R-002
MitigatingSupply Chain Compromise
MediumMitigation Strategy
Vendor security assessments, contract clauses
Assignment
Owner: Procurement Lead
Due Date: 2025-03-01
Last Updated: 2025-01-08
R-003
MonitoringInsider Threat from Disgruntled Employee
MediumMitigation Strategy
Access monitoring, employee screening
Assignment
Owner: HR Security
Due Date: 2025-04-15
Last Updated: 2025-01-05
R-004
OpenData Breach via Phishing
HighMitigation Strategy
Security awareness training, email filtering
Assignment
Owner: IT Security
Due Date: 2025-01-30
Last Updated: 2025-01-12
R-005
ClosedDDoS Attack on Public Services
MediumMitigation Strategy
DDoS protection service implemented
Assignment
Owner: Network Team
Due Date: 2025-01-01
Last Updated: 2025-01-01