Document History
Version | Date | Author | Description of Change |
1.0 | 10/10/2023 | CISO | Initial Release |
2.0 | 10/10/2024 | CISO | Second Release |
Approvers List
Name | Role | Approver/Reviewer | Date |
| Technical head | TOP MANAGEMENT | 10/10/2023 |
| Technical head | TOP MANAGEMENT | 10/10/2024 |
Risk Identification |
Risk Analysis |
Risk Mitigation Planning |
Risk Tracking |
Risk Id | Date Identified | Risk Submitter | Risk (description) | Category | Risk Type | Risk Owner | Probability | Prob Value | Impact | Impact Value | Risk Rating | Risk | Priority | Risk Response Type | Corrective Actions/Preventive Actions (Mitigation) | Probability | Prob Value | Impact | Impact Value | Risk Rating | Residual Risk |
ITD_01 | 10/10/2023 | ISG | Risk Assessment Table not updated. | Organizational | Opportunity | ITD | Likely | 0.5 | Very Serious | 0.4 | 0.2 | Moderate | Very High | Mitigate/Control | Risk Register is to be updated by ITD | Not Likely | 0.1 | Significant | 0.1 | 0.01 | Minimal |
ITD_02 | 10/10/2023 | ISG | List of IT assets (desktops, laptops, servers, networking devices, computer components, etc.) not updated | Organizational | Threat | ITD | Highly Likely | 0.7 | Serious | 0.2 | 0.14 | Moderate | Medium | Mitigate/Control | ITD team has implemented an IT asset tracker tool. | Likely | 0.5 | Significant | 0.1 | 0.05 | Minimal |
ITD_03 | 10/10/2023 | ISG | Licenses (Windows, Adobe, and other software) | Organizational | Threat | ITD | Low Likelihood | 0.3 | Very Serious | 0.4 | 0.12 | Moderate | Very High | Mitigate/Control | ITD has maintained the list of software, operating systems, applications, etc. | Low Likelihood | 0.3 | Serious | 0.2 | 0.06 | Minimal |
ITD_04 | 10/10/2023 | ISG | Backup data loss | Technical | Threat | ITD | Highly Likely | 0.7 | Very Serious | 0.4 | 0.28 | Severe | High | Mitigate/Control | Backup Policy is in place. | Not Likely | 0.1 | Serious | 0.2 | 0.02 | Minimal |
ITD_06 | 10/10/2023 | ISG | Unavailability of the services (server) | Organizational | Threat | ITD | Highly Likely | 0.7 | Very Serious | 0.4 | 0.28 | Severe | High | Mitigate/Control | Code, database and configuration backup of all the servers is taken on a weekly basis in Cloud server | Not Likely | 0.1 | Serious | 0.2 | 0.02 | Minimal |
ITD_07 | 10/10/2023 | ISG | System Updates (Antivirus, system updates) | Technical | Threat | ITD | Likely | 0.5 | Serious | 0.2 | 0.1 | Moderate | Medium | Mitigate/Control | Centralized antivirus is in place, and server virus definition checks are done through it. | Low Likelihood | 0.3 | Significant | 0.1 | 0.03 | Minimal |
ITD_08 | 10/10/2023 | ISG | Vulnerability scan | Technical | Threat | ITD | Likely | 0.5 | Serious | 0.2 | 0.1 | Moderate | High | Mitigate/Control | Yearly scheduled VAPT and patching are performed for all the servers | Not Likely | 0.1 | Serious | 0.2 | 0.02 | Minimal |
ITD_09 | 10/10/2023 | ISG | Admin Access to employees | Organizational | Threat | ITD | Highly Likely | 0.7 | Serious | 0.2 | 0.14 | Moderate | Medium | Mitigate/Control | Access Control Policy is in place, only authorized users have admin access, and the IT team randomly checks systems | Low Likelihood | 0.3 | Marginal | 0.05 | 0.015 | Minimal |
ITD_10 | 10/10/2023 | ISG | Malware attack on system(s) | Technical | Threat | ITD | Highly Likely | 0.7 | Very Serious | 0.4 | 0.28 | Severe | Medium | Mitigate/Control | Antivirus, Removable Media blocked and Patch is in place | Likely | 0.5 | Serious | 0.2 | 0.1 | Moderate |
ITD_11 | 10/10/2023 | ISG | Virus attack on system(s) | Technical | Threat | ITD | Highly Likely | 0.7 | Serious | 0.2 | 0.14 | Moderate | High | Mitigate/Control | Firewall, Antivirus, Removable Media blocked and Patch is in place | Low Likelihood | 0.3 | Marginal | 0.05 | 0.015 | Minimal |
ITD_12 | 10/10/2023 | ISG | Incorrect data processing by employees | Technical | Threat | ITD | Low Likelihood | 0.3 | Serious | 0.2 | 0.06 | Minimal | High | Mitigate/Control | Removable media blocked, Firewall in place to block unwanted sites | Likely | 0.5 | Marginal | 0.05 | 0.025 | Minimal |
ITD_13 | 10/10/2023 | ISG | Leased lines not working | Technical | Threat | ITD | Highly Likely | 0.7 | Very Serious | 0.4 | 0.28 | Severe | Very High | Transfer | Multiple ISP and Load balancing firewall is in place to avoid any downtime | Low Likelihood | 0.3 | Marginal | 0.05 | 0.015 | Minimal |
ITD_14 | 10/10/2023 | ISG | Wi-Fi not working | Technical | Threat | ITD | Likely | 0.5 | Serious | 0.2 | 0.1 | Moderate | High | Mitigate/Control | Multiple Wi-Fi is in place as a backup | Likely | 0.5 | Serious | 0.2 | 0.1 | Moderate |
ITD_15 | 10/10/2023 | ISG | Biometric machines not working | Technical | Threat | ITD | Highly Likely | 0.7 | Very Serious | 0.4 | 0.28 | Severe | High | Mitigate/Control | Weekly backup for biometric server and machines and one biometric machine is in place as a backup | Not Likely | 0.1 | Significant | 0.1 | 0.01 | Minimal |
ITD_16 | 10/10/2023 | ISG | Hacking activity | Technical | Threat | ITD | Highly Likely | 0.7 | Catastrophic | 0.8 | 0.56 | Severe | Very High | Mitigate/Control | VAPT, Firewall, Antivirus, Removable Media blocked and Patch is in place | Not Likely | 0.1 | Marginal | 0.05 | 0.005 | Minimal |
ITD_17 | 10/10/2023 | ISG | Fraud activity on company devices | Technical | Threat | ITD | Highly Likely | 0.7 | Very Serious | 0.4 | 0.28 | Severe | Very High | Mitigate/Control | Firewall in place and Removable media blocked | Not Likely | 0.1 | Significant | 0.1 | 0.01 | Minimal |
ITD_18 | 10/10/2023 | ISG | Physical Security breach | Organizational | Threat | ITD | Highly Likely | 0.7 | Serious | 0.2 | 0.14 | Moderate | Medium | Mitigate/Control | Access control policy is in place | Not Likely | 0.1 | Significant | 0.1 | 0.01 | Minimal |
ITD_19 | 10/10/2023 | ISG | Theft of company assets and confidential data | Technical | Threat | ITD | Highly Likely | 0.7 | Very Serious | 0.4 | 0.28 | Severe | Very High | Mitigate/Control | Removable media blocked, drive locked with BitLocker | Not Likely | 0.1 | Significant | 0.1 | 0.01 | Minimal |
ITD_20 | 10/10/2023 | ISG | Natural disaster like flood, fire, cyclone, earthquake | Organizational | Threat | ITD | Highly Likely | 0.7 | Very Serious | 0.4 | 0.28 | Severe | Very High | Accept | BCP is implemented and work from home is available | Not Likely | 0.1 | Very Serious | 0.4 | 0.04 | Moderate |
ITD_21 | 10/10/2023 | IT/ | Not enough hardware | Budget | Threat | ITD | Likely | 0.5 | Significant | 0.1 | 0.05 | Minimal | Medium | Mitigate/Control | Inventory is maintained in advance | Not Likely | 0.1 | Significant | 0.1 | 0.01 | Minimal |
ITD_22 | 10/10/2023 | ISG | Fire due to short circuit | Technical | Threat | Admin | Highly Likely | 0.7 | Very Serious | 0.4 | 0.28 | Severe | Very High | Mitigate/Control | Fire Extinguisher, Fire Alarm is in place | Low Likelihood | 0.3 | Very Serious | 0.4 | 0.12 | Moderate |
ITD_23 | 10/10/2023 | ISG | Technology that is out of date to the extent that it is difficult to maintain and at risk of failures | Technical | Threat | ITD | Highly Likely | 0.7 | Serious | 0.2 | 0.14 | Moderate | High | Mitigate/Control | Patching and VAPT are performed | Not Likely | 0.1 | Serious | 0.2 | 0.02 | Minimal |
ITD_24 | 10/10/2023 | CEO | Use of social media in company | Technical | Threat | ITD | Likely | 0.5 | Significant | 0.1 | 0.05 | Minimal | Medium | Mitigate/Control | Access Control Policy is in place, Firewall is used to block unwanted websites | Likely | 0.5 | Significant | 0.1 | 0.05 | Minimal |
ITD_25 | 10/10/2023 | IT | Admin Access to employees | Technical | Threat | ITD | Likely | 0.5 | Significant | 0.1 | 0.05 | Minimal | Medium | Mitigate/Control | We do not provide admin access to employees. In case anyone needs it, it should be approved by the IT head or anyone from top management. | Likely | 0.5 | Significant | 0.1 | 0.05 | Minimal |
ITD_26 | 10/10/2023 | IT | USB unblocked | Technical | Threat | ITD | Low Likelihood | 0.3 | Serious | 0.2 | 0.06 | Minimal | Very High | Mitigate/Control | USB blocked in devices. | Low Likelihood | 0.3 | Very Serious | 0.4 | 0.12 | Moderate |
ITD_27 | 10/10/2023 | IT | Access Management (Misuse of credentials) | Organizational | Threat | ITD | Highly Likely | 0.7 | Very Serious | 0.4 | 0.28 | Severe | Very High | Mitigate/Control | Create Access Control Management and Revoke Policy to manage internal and client's credentials. | Not Likely | 0.1 | Significant | 0.1 | 0.01 | Minimal |
ITD_28 | 10/10/2023 | IT | Firewall Crash Down or Power Failure | Technical | Threat | ITD | Highly Likely | 0.7 | Very Serious | 0.4 | 0.28 | Severe | Very High | Mitigate/Control | Genset in place for Power down. | Low Likelihood | 0.3 | Very Serious | 0.4 | 0.12 | Moderate |
ITD_29 | 10/10/2023 | IT | Wifi Password theft | Technical | Threat | ITD | Highly Likely | 0.7 | Very Serious | 0.4 | 0.28 | Severe | Very High | Mitigate/Control | Wi-Fi passwords are encrypted. Firewall used for blocking IPs | Not Likely | 0.1 | Significant | 0.1 | 0.01 | Minimal |
ITD_30 | 10/10/2023 | IT | Antivirus on Linux | Scope | Exception | ITD | Not Likely | 0.1 | Significant | 0.1 | 0.01 | Minimal | Low | Mitigate/Control | As per standard, there is no need for antivirus on Ubuntu systems | Not Likely | 0.1 | Significant | 0.1 | 0.01 | Minimal |