| Risk | Impact | Probability (1-5) | Severity (1-5) | Score (Probability × Severity) | Controls |
|---|---|---|---|---|---|
| Software vulnerability | Data security compromised | 2 | 5 | 10 | C1, C3, C5, C7, C11 |
| Admin not available | Admin tasks delayed | 2 | 4 | 8 | C9 |
| Team members not available | Unable to fix problems | 2 | 4 | 8 | C10 |
| Security incident due to human error | Data security and credentials compromised | 3 | 5 | 15 | C1, C4, C7, C11 |
| Server failure | Service down | 3 | 4 | 12 | C11 |
| Unavailability due to SW/HW configuration error | Service partly down | 4 | 3 | 12 | C8, C10, C11 |
| Security incident due to coding error | Data security compromised | 3 | 5 | 15 | C1, C4, C7, C9 |
| DoS attack | Service down or slow | 1 | 5 | 5 | C3, C5, C6, C9 |
| Network disruptions | Service down or slow, resources unavailable | 2 | 4 | 8 | C11, C12 |
| Monitoring problems | Lack of information | 1 | 2 | 2 | C11 |
| Loss of database data | Service down or partly down | 1 | 5 | 5 | C2, C4, C6 |
| Data loss due to human error | Service partly down | 2 | 4 | 8 | C2, C4 |

(Probability and severity use the University risk criteria and scales: https://flamma.helsinki.fi/s/yVvH4)
11.3 Controls
| # | Control |
|---|---|
| C1 | Security awareness |
| C2 | Backups |
| C3 | Up-to-date software |
| C4 | Documentation |
| C5 | Monitoring |
| C6 | Replicated architecture |
| C7 | Security policies and practices |
| C8 | Testing and code revision |
| C9 | Substitute practices |
| C10 | Team on-duty practices |
| C11 | Cooperation with CSC |
| C12 | Non-digital contacts and documentation |