Risk Register
24 risks tracked: 22 mitigating, 2 accepted.
Risks
| Risk | Severity | Risk Score | Status | Owner |
|---|---|---|---|---|
| Appropriate contacts are not maintained resulting in delays in breach response and reporting. | medium | 4 → 1 | mitigating | emal@avala.ai |
| Appropriate contacts with interest groups are not maintained resulting in a lack of understanding of current threats. | medium | 4 → 1 | mitigating | emal@avala.ai |
| Assets are not identified and protected according to company requirements. | medium | 4 → 1 | mitigating | emal@avala.ai |
| Background verification checks are not carried out on all candidates or are not proportional to the business requirements or the classification of the information to be accessed by the role resulting in increased risk of malicious insider threats. | medium | 4 → 1 | mitigating | emal@avala.ai |
| Bad actor poses as CEO and demands transfer of funds. | high | 6 → 3 | mitigating | emal@avala.ai |
| Company data is breached due to human error and/or misunderstanding of company requirements. | medium | 4 → 1 | mitigating | emal@avala.ai |
| Company data is breached during a disaster due to control failures. | high | 9 → 2 | mitigating | emal@avala.ai |
| Company data is breached, corrupted or made unavailable due to a malware attack. | high | 3 → 1 | mitigating | emal@avala.ai |
| Company records are altered due to lack of proper access controls, segregation of duties, and/or supervision. | high | 6 → 2 | mitigating | emal@avala.ai |
| Company systems and data are breached by a company vendor. | low | 1 | mitigating | emal@avala.ai |
| Company systems and data are breached by unauthorized persons due to improper use of encryption. | medium | 4 → 1 | mitigating | emal@avala.ai |
| Company systems and data are breached by unauthorized persons via a vulnerability in non-production systems or networks. | medium | 4 | mitigating | emal@avala.ai |
| Company systems and data are breached in a non-production environment. | low | 1 | accepted | emal@avala.ai |
| Company systems and data are breached or destroyed due to a natural disaster or malicious attack. | low | 1 | accepted | emal@avala.ai |
| Consent for processing of PII is not captured and can't be demonstrated when needed. | medium | 4 → 2 | mitigating | emal@avala.ai |
| Critical records are lost or destroyed leading to fines and/or loss of business. | critical | 4 → 1 | mitigating | emal@avala.ai |
| Employees do not return equipment at termination resulting in a loss of resources and/or breach of company data. | medium | 6 → 1 | mitigating | emal@avala.ai |
| Equipment failures result in unavailability of critical company data and systems. | medium | 4 → 1 | mitigating | emal@avala.ai |
| Incident response is slow and ineffective. | high | 9 → 1 | mitigating | emal@avala.ai |
| Insufficient customer contract language does not enable legal basis for international transfer of PII. | medium | 4 → 1 | mitigating | emal@avala.ai |
| Personnel fraudulently alter information security records due to excessive pressures from management to perform on external audits. | high | 3 → 2 | mitigating | emal@avala.ai |
| Personnel fraudulently establish or pay vendors due to lack of dual approval controls in the accounts payable process. | high | 3 → 1 | mitigating | emal@avala.ai |
| Personnel have not received training on how to manage PII and/or respond to privacy requests. | medium | 6 → 2 | mitigating | emal@avala.ai |
| Personnel mishandle data due to a misunderstanding of the company requirements. | critical | 12 → 3 | mitigating | emal@avala.ai |